US20080178300A1 - Selectively wiping a remote device - Google Patents
Selectively wiping a remote deviceDownload PDFInfo
- Publication number
- US20080178300A1 US20080178300A1US12/016,723US1672308AUS2008178300A1US 20080178300 A1US20080178300 A1US 20080178300A1US 1672308 AUS1672308 AUS 1672308AUS 2008178300 A1US2008178300 A1US 2008178300A1
- Authority
- US
- United States
- Prior art keywords
- data
- command
- client device
- authorization level
- data types
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/88—Detecting or preventing theft or loss
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/033—Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2143—Clearing memory, e.g. to prevent the data from being stolen
Definitions
- the present disclosurerelates generally to the field of computer and network security, and more particularly, to wiping data stored on a remote device such as a mobile communication device.
- Data stored in the memory of a communication and/or computing devicemay include data of a sensitive or critical nature that is accessible only by authorized users.
- datamay include e-mail, calendar information, contact information in an address book, and other information that may be utilized, received, or transmitted by or from the communication device in the execution of communication-related or productivity-related applications.
- the datamay further include applications, or data files created at the device or received by an authorized user at the device that are personal to the user, or that are used by the device for the management of data and/or security functions on the communication device.
- Such dataincludes information technology (IT) policies, which may comprise rules concerning a variety of security and management-related issues, such as user authorization to use certain functions or install software on the communication device, encryption algorithms in wireless communication, and authentication processes to be employed before allowing user access to data on the device, for example if an authentication token such as a smart card is required.
- ITinformation technology
- FIG. 1is a schematic of a network for implementing a system and method of preventing access to data.
- FIG. 2is a block diagram of a mobile communication device for use with the network of FIG. 1 .
- FIG. 3is a schematic representation of data stored in a memory store of a communication device.
- FIG. 4 ais a schematic representation of data that may be incorporated into an exemplary IT policy.
- FIG. 4 bis a further schematic representation of data that may be incorporated into an exemplary IT policy.
- FIG. 5is a schematic representation of a flag in accordance with one embodiment.
- FIG. 6is a flowchart of a method for processing a wipe command at a communication device.
- FIGS. 7 a and 7 bare flowcharts of methods for executing a wipe command.
- FIGS. 8 a and 8 bare example user interfaces for issuing a wipe command.
- FIGS. 9 a , 9 b , and 9 care further example user interfaces for configuring wipe permissions.
- While datamay be protected by requiring the user to enter a valid password in order to access applications or data on the device, or by encrypting data stored on the device such that access to the data requires decryption by a valid decryption key, there are instances when the device may be compromised, decommissioned, or redeployed, making it desirable to delete or “wipe” data, including applications, on the communication device so that it cannot be accessed by unauthorized or malicious users. However, it may not always be necessary or desirable to wipe all data and applications from a device.
- a method for selectively securing data from unauthorized access on a client device storing a plurality of data typescomprising receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; determining which of a plurality of data types is to be secured by identifying a predefined rule associated with the authorization level indicated in the received command, wherein the client device is provided with a plurality of predefined rules each associated with one of a plurality of authorization levels, each of the predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and securing the data of the data types indicated by the value comprised in the identified predefined rule.
- determining which of a plurality of data types is to be securedfurther comprises, when a predefined rule associated with the authorization level indicated in the received command is not found, identifying a predefined rule associated with the next highest authorization level that is lower than the indicated authorization level.
- the plurality of predefined rulesis stored at the client device in association with an IT policy.
- securing the datafurther comprises setting a flag at the client device, the flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured; in response to the received command, checking each of the subset values of the flag, and carrying out a securing operation if the subset value indicates that the data of that data type is to be secured; and after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out.
- securing the datacomprises one of deleting the data; encrypting the data; or encrypting, then deleting, the data.
- the securing operationmay comprise one of deleting the data of that data type; encrypting the data of that data type; and encrypting, then deleting, the data of that data type.
- the commandis received in an encrypted message, and prior to securing the data the command is authenticated by decrypting the message and extracting the command, such that the command is authenticated if the command is extracted successfully.
- the client devicemay comprise a mobile communications device, and the command may be received over the air, or received from input at the client device, or received as detection of a predetermined action, condition or trigger for the execution of the wipe command at the client device.
- the methodmay comprise defining, at a location remote from the client device, a plurality of predefined rules associated with an authorization level; and transmitting to the client device the plurality of predefined rules thus defined.
- Defining the plurality of predefined rulesmay comprise, for a given authorization level, presenting a set of configuration options for configuring securing operations for each of the plurality of data types for authorization levels lower than the given authorization level; and constructing a plurality of rules comprising selected configuration options.
- the data typesmay comprise at least one of an operating system, encryption and decryption keys, personal information management applications, messaging applications, e-mail data, short message service data, instant messaging data, multimedia message data, voicemail data, calendar data, address book data, or IT policies.
- a computer readable memoryhaving recorded thereon statements and instructions for execution by a computer to receive a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; determine which of a plurality of data types is to be secured by identifying a predefined rule associated with the authorization level indicated in the received command, wherein the client device is provided with a plurality of predefined rules each associated with one of a plurality of authorization levels, each of the predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and secure the data of the data types indicated by the value comprised in the identified predefined rule.
- a method for selectively securing data from unauthorized access on a client device storing a plurality of data typescomprising receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; determining which of the plurality of data types is to be secured by identifying each of a plurality of predefined rules comprising an indicator of an authorization level equal to or less than the authorization level indicated in the received command, each of the plurality of predefined rules being associated with one of the plurality of data types; and securing only the data corresponding to each of the plurality of data types associated with the predefined rules thus identified.
- securing the datafurther comprises setting a flag at the client device, the flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured; in response to the received command, checking each of the subset values of the flag, and carrying out a securing operation if the subset value indicates that the data of that data type is to be secured; and after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out.
- securing the datacomprises one of deleting the data; encrypting the data; or encrypting, then deleting, the data.
- computer readable memoryhaving recorded thereon statements and instructions for execution by a computer to receive a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; determine which of the plurality of data types is to be secured by identifying each of a plurality of predefined rules comprising an indicator of an authorization level equal to or less than the authorization level indicated in the received command, each of the plurality of predefined rules being associated with one of the plurality of data types; and secure only the data corresponding to each of the plurality of data types associated with the predefined rules thus identified.
- a mobile client devicefor selectively securing data from unauthorized access on the client device storing a plurality of data types
- the devicecomprising a processor; a memory storing data comprising at least one of a plurality of data types; and a receiver operatively connected to the processor for receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; wherein the processor is configured to determine, using at least one predefined rule associated with the authorization level indicated by the authorization level indicator, which of a plurality of data types is to be secured and to secure the data stored in the memory corresponding to each of the plurality of data types thus determined.
- each of the predefined rulesis associated with one of a plurality of authorization levels, and each of the predefined rules comprises a value indicating each of the plurality of data types to be secured in response to a received command, and wherein the processor is further configured to identify the predefined rule associated with the authorization level indicated in the received command, and to secure only those data types indicated by the value comprised in the identified predefined rule.
- the devicefurther comprises a memory for storing a flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured, the processor being further configured to set the flag; in response to the received command, check each of the subset values of the flag, and carry out a securing operation if the subset value indicates that the data of that data type is to be secured; and after each of the subset values has been checked, reset the subset values to indicate that no further securing operation is to be carried out.
- the processormay be configured to secure the data by deleting the data corresponding to each of the plurality of data types thus determined from the memory, or to secure the data by encrypting the data corresponding to each of the plurality of data types thus determined in the memory.
- the commandmay be received in an encrypted message, and the processor is configured to decrypt the message and extract the command, such that the command is authenticated if the command is extracted successfully.
- FIG. 1an overview of an exemplary communication system for use with the embodiments described below is shown.
- One skilled in the artwill appreciate that there may be many different topologies, but the system shown in FIG. 1 helps demonstrate the operation of the systems and methods described in the present application. There may be many communication devices connected to the system that are not shown in the simple overview of FIG. 1 .
- FIG. 1shows first communication device, here a client personal computer 10 , a network, here the Internet 20 , a server system 40 , a wireless gateway 85 , wireless infrastructure 90 , a wireless network 105 and a second communication device, here a client mobile communication device 100 .
- client devicespersonal computers, mobile devices, mobile communication devices, communication devices, computing devices, or data storage devices may comprise devices whose main function is directed to data or voice communication over a network and data storage, but may also be provided with personal or productivity applications, or devices whose main function is directed to computing or executing productivity applications, but are also adapted to enable a user to communicate over a network.
- Such devicesinclude, but are not limited to, laptop and notebook computers, PDAs, smartphones, and the like.
- the client deviceis capable of communicating over a wireless network, as set out in further detail below.
- a client personal computer 10may, for example, be connected to an ISP (Internet Service Provider) on which a user of the system has an account, located within a company, possibly connected to a local area network (LAN), and connected to the Internet 20 , or connected to the Internet 20 through a large ASP (application service provider).
- ISPInternet Service Provider
- LANlocal area network
- ASPapplication service provider
- the wireless gateway 85 and infrastructure 90provide a link between the Internet 20 and wireless network 105 .
- the wireless infrastructure 90determines the most likely network for locating a given user and tracks the user as they roam between countries or networks.
- Messages and other datamay be delivered to the client mobile device 100 via wireless transmission, typically at a radio frequency (RF), from a base station in the wireless network 105 to the client mobile device 100 .
- RFradio frequency
- the particular network 105may be any wireless network over which messages may be exchanged with a mobile communication device.
- the client mobile device 100may also receive data by other means, for example through a direct connection to a port provided on the mobile device 100 , such as a Universal Serial Bus (USB) link.
- USBUniversal Serial Bus
- the server system 40may be implemented, for example, on a network computer within the firewall of a corporation, a computer within an ISP or ASP system or the like.
- the server system 40may act as the application, network access, and/or file server for one or more communication devices.
- the server system 40also acts as an authoritative server for managing IP policies and issuing software and security-related commands to the client devices 10 , 100 .
- the mobile device 100if it is configured for receiving and possibly sending e-mail, may be associated with an account on the server system 40 .
- the software products and other components that are often used in conjunction with the functions of the server system 40 described hereinare not shown in FIG. 1 , as they do not directly play a role in the system and method described below.
- the server system 40may support either a so-called “pull” or “push” message access scheme, wherein the mobile device 100 requests that stored messages be forwarded by the message server to the mobile device 100 (“pull”), or the server system 40 may be provided with means for automatically redirecting messages addressed to the user of the mobile device 100 as they are received (“push”).
- the server system 40may be used to provide administrative functions for the client devices 10 and 100 , for example by establishing and transmitting information technology (IT) policies.
- ITinformation technology
- administrator accessis provided at the server system 40 for issuing various commands relating to the management and security features of the client devices 10 , 100 , although the system and method described herein may be implemented from another device on the network, if such administrator-level access is provided at the other device.
- the system of FIG. 1may be configured to provide for multiple levels of administrator-level access; for example, the system of FIG. 1 may be implemented for use with an organization or institution mandating multiple levels of security authorization and IT support.
- the IT support rolesmay comprise “help desk” support, which is authorized to provide a first set of administrator and IT support services to users of client devices 10 , 100 such as application support and certain security-related support such as resetting passwords, but is not authorized to provide certain higher-level administrator functions relating to more sensitive security issues; and “security” IT support with a higher level of authorization for providing a second set of administrator and IT support services to the users of the client devices 10 , 100 , such as deploying and redeploying client devices 10 , 100 , configuring security protocols at and between the client devices 10 , 100 and the server 40 , and other functions that may require a greater level of knowledge, certification, trust, or security clearance to implement or configure.
- the level of authorization provided to particular support or administrative personnelmay be determined by the server 40 in accordance with a predetermined IT policy when the individual support person logs into the server 40 ; upon login, the server 40 may look up the individual's administrative authorization level, and provide the individual with access to the functions commensurate with his or her authorization level.
- the client deviceis a communication device 100 such as a smartphone, PDA, or laptop or other mobile computer
- a single useris designated as the authorized user of the client device 10 , 100 , although more than one user may be authorized to use the client device 10 , 100 , particularly if the device is a networked desktop computer or other non-mobile device.
- the user of the devicemay have access to a varied set of functions on the device. For example, in the case of a smartphone or other client device 10 , 100 capable of voice and/or SMS communication, the voice and/or SMS functions may be disabled.
- While one method of disabling a functionis to delete or simply not install the portion of the device's applications or operating system relating to this function, this may not be feasible or desirable. Instead, the availability of the function may be determined by the IT policy configured for that device. Furthermore, users may be granted varying levels of access to configure or use the functions of the same client device 10 , 100 . Some users may only be provided with access to previously installed application programs, and may not have sufficient authority to install further applications, and may only be provided with access to a portion of the data stores of the client device 10 , 100 . Other users, with a higher level of authorization, may possess sufficient authority to install applications, access secure data such as data stored in memory locations generally designated as inaccessible to typical users at the client device, and alter selected security settings.
- the level of access afforded to the users of the client device 10 , 100may be determined by an IT policy configured for that device.
- the IT policymay be consulted by the client device 10 , 100 upon user login to determine the level of access to be granted to the user, and is stored at the client device 10 , 100 rather than only at the server 40 ; in the event that a user logs into the client device 10 , 100 while it is disconnected from the network 20 , 105 , the IT policy will still be available to the client device 10 , 100 .
- the client device 10 , 100may store data in an erasable persistent memory. In the case of a mobile device this may be flash memory. With reference to FIG. 2 , which depicts one embodiment of a mobile communication device 100 and is described in detail below, data may be stored in non-volatile memory 424 .
- the data stored on the client device 10 , 100may comprise user application data, for example e-mail messages, address book data, contact information, calendar appointments and associated information, text files, image files, and other data generated by either the user at the client device 10 , 100 , or received and stored by the communication device 100 . Referring to FIG. 3 , a schematic representation of the data stored at the client device 10 , 100 is shown.
- the data store of the communication devicemay be comprised in the non-volatile memory 424 , and may comprise different types of data such as an operating system 301 ; keys 302 , which may generally include encryption and decryption keys and addressing information for use in communicating between the communication device and the server 40 ; personal information management (PIM) applications and messaging applications 305 ; third-party applications that may have been installed by the user or an administrator 306 ; message/PIM data, such as e-mail data, short message service (SMS) data, IM data, multimedia message data, and voicemail data 310 , calendar data 311 , and address book data 312 ; other user-entered data 313 ; and IT policies 315 .
- keys 302which may generally include encryption and decryption keys and addressing information for use in communicating between the communication device and the server 40 ; personal information management (PIM) applications and messaging applications 305 ; third-party applications that may have been installed by the user or an administrator 306 ; message/PIM data, such as
- the message/PIM data 310may comprise one or more of the various types of e-mail data and other data 310 - 312 .
- Voicemail data 310may comprise digitized audio recordings, or may comprise a stub entry available for viewing in a messaging application indicating the availability of a voicemail message stored at another location.
- the user-entered data 313may comprise text-based, graphic, or other multimedia files loaded onto the communication device 100 by the user.
- the various types of data 301 through 315may be provided in whatever data format is best suited for the purpose.
- IT policy data 315may be in a human-readable format, but may also be stored in a binary format.
- FIG. 4discussed in more detail below, provides an example of the nature of the information that may be represented by IT policy data 315 .
- the communication device 100may comprise a dual-mode mobile device and includes a transceiver 411 , a microprocessor 438 , a display 422 , non-volatile memory 424 , random access memory (RAM) 426 , one or more auxiliary input/output (I/O) devices 428 , a serial port 430 , a keyboard 432 , a speaker 434 , a microphone 436 , a short-range wireless communications sub-system 440 , and other device sub-systems 442 .
- a transceiver 411the communication device 100
- the communication device 100may comprise a dual-mode mobile device and includes a transceiver 411 , a microprocessor 438 , a display 422 , non-volatile memory 424 , random access memory (RAM) 426 , one or more auxiliary input/output (I/O) devices 428 , a serial port 430 , a keyboard 432 , a speaker 434 , a
- the transceiver 411includes a receiver 412 , a transmitter 414 , antennas 416 and 418 , one or more local oscillators 413 , and a digital signal processor (DSP) 420 .
- the antennas 416 and 418may be antenna elements of a multiple-element antenna, and may be embedded antennas. However, the systems and methods described herein are in no way restricted to a particular type of antenna, or even to wireless communication devices.
- the communication device 100may comprise a two-way communication device having voice and data communication capabilities.
- the communication device 100may communicate over a voice network, such as any of the analog or digital cellular networks, and may also communicate over a data network.
- the voice and data networksare depicted in FIG. 2 by the communication tower 419 . These voice and data networks may be separate communication networks using separate infrastructure, such as base stations, network controllers, etc., or they may be integrated into a single wireless network.
- the transceiver 411is used to communicate with the network 319 , and includes the receiver 412 , the transmitter 414 , the one or more local oscillators 313 and the DSP 320 .
- the DSP 320is used to send and receive signals to and from the transceivers 416 and 418 , and also provides control information to the receiver 412 and the transmitter 414 . If the voice and data communications occur at a single frequency, or closely-spaced sets of frequencies, then a single local oscillator 413 may be used in conjunction with the receiver 412 and the transmitter 414 .
- a plurality of local oscillators 413can be used to generate a plurality of frequencies corresponding to the voice and data networks 419 .
- Informationwhich includes both voice and data information, is communicated to and from the transceiver 311 via a link between the DSP 420 and the microprocessor 438 .
- the detailed design of the transceiver 411such as frequency band, component selection, power level, etc., will be dependent upon the communication network 419 in which the mobile device 100 is intended to operate.
- the voice and data networks 419may be separate voice networks and separate data networks, or may comprise integrated voice and data networks. It will be appreciated by those skilled in the art that these embodiments may be implemented on a variety of voice and data communication networks 419 , including, but not limited to, 2G, 2.5G, 3G, 4G, and other voice and data networks, such as GSM, CDMA2000, GPRS, EDGE, W-CDMA (UMTS), FOMA, EV-DO, TD-SCDMA, HSPA, HSOPA, and the like.
- the access requirements for the communication device 100may also vary.
- mobile devicesare registered on the network using a unique identification number associated with each mobile device.
- network accessis associated with a subscriber or user of a mobile device.
- a GPRS devicetypically uses a subscriber identity module SIM, which is required in order to operate a mobile device on a GPRS network.
- SIMsubscriber identity module
- Local or non-network communication functionsmay be operable, without the SIM device, but a mobile device will be unable to carry out any functions involving communications over the data network 319 , other than any legally required operations, such as ‘911’ emergency calling.
- the communication device 100may the send and receive communication signals, including both voice and data signals, over the networks 419 .
- Signals received by the antenna 416 from the communication network 419are routed to the receiver 412 , which provides for signal amplification, frequency down conversion, filtering, channel selection, etc., and may also provide analog to digital conversion. Analog to digital conversion of the received signal allows more complex communication functions, such as digital demodulation and decoding to be performed using the DSP 420 .
- signals to be transmitted to the network 419are processed, including modulation and encoding, for example, by the DSP 420 and are then provided to the transmitter 414 for digital to analog conversion, frequency up conversion, filtering, amplification and transmission to the communication network 419 via the antenna 418 .
- the DSP 420In addition to processing the communication signals, the DSP 420 also provides for transceiver control. For example, the gain levels applied to communication signals in the receiver 412 and the transmitter 414 may be adaptively controlled through automatic gain control algorithms implemented in the DSP 420 . Other transceiver control algorithms could also be implemented in the DSP 420 in order to provide more sophisticated control of the transceiver 411 .
- the microprocessor 438manages and controls the overall operation of the communication device 100 .
- Many types of microprocessors or microcontrollerscould be used here, or, alternatively, a single DSP 420 could be used to carry out the functions of the microprocessor 438 .
- Low-level communication functionsincluding at least data and voice communications, are performed through the DSP 420 in the transceiver 411 .
- Other, high-level communication applicationssuch as a voice communication application 424 A, and a data communication application 424 B may be stored in the non-volatile memory 424 for execution by the microprocessor 438 .
- the voice communication module 424 Amay provide a high-level user interface operable to transmit and receive voice calls between the mobile device 100 and a plurality of other voice or dual-mode devices via the network 419 .
- the data communication module 424 Bmay provide a high-level user interface operable for sending and receiving data, such as e-mail messages, files, organizer information, short text messages, etc., between the communication device 100 and a plurality of other data devices via the networks 419 .
- the microprocessor 438also interacts with other device subsystems, such as the display 422 , the RAM 426 , the auxiliary input/output (I/O) subsystems 428 , the serial port 430 , the keyboard 432 , the speaker 434 , the microphone 436 , the short-range communications subsystem 440 and any other device subsystems generally designated as 442 .
- other device subsystemssuch as the display 422 , the RAM 426 , the auxiliary input/output (I/O) subsystems 428 , the serial port 430 , the keyboard 432 , the speaker 434 , the microphone 436 , the short-range communications subsystem 440 and any other device subsystems generally designated as 442 .
- Some of the subsystems shown in FIG. 2perform communication-related functions, whereas other subsystems may provide “resident” or on-device functions.
- some subsystems, such as the keyboard 432 and the display 422may be used for both communication-related functions, such as entering a text message for transmission over a data communication network, and device-resident functions such as a calculator or task list or other PDA type functions.
- Operating system software used by the microprocessor 438may be stored in a persistent store such as non-volatile memory 424 .
- the non-volatile memory 424may be implemented, for example, as a Flash memory component, or as battery backed-up RAM.
- the non-volatile memory 424includes a plurality of software modules 424 A- 424 N that can be executed by the microprocessor 438 (and/or the DSP 420 ), including a voice communication module 424 A, a data communication module 424 B, and a plurality of other operational modules 424 N for carrying out a plurality of other functions.
- These modulesare executed by the microprocessor 438 and provide a high-level interface between a user and the communication device 100 .
- This interfacetypically includes a graphical component provided through the display 422 , and an input/output component provided through the auxiliary I/O 428 , keyboard 432 , speaker 434 , and microphone 436 .
- the operating system, specific device applications or modules, or parts thereof,may be temporarily loaded into a volatile store, such as RAM 426 for faster operation.
- received communication signalsmay also be temporarily stored to RAM 426 , before permanently writing them to a file system located in a persistent store such as the flash memory 424 .
- the non-volatile memory 424provides a file system to facilitate storage of PIM data items on the device.
- the PIM applicationincludes the ability to send and receive data items, either by itself, or in conjunction with the voice and data communication modules 424 A, 424 B, via the wireless networks 419 .
- the PIM data itemsare seamlessly integrated, synchronized and updated, via the wireless networks 419 , with a corresponding set of data items stored or associated with a host computer system, thereby creating a mirrored system for data items associated with a particular user.
- Context objects representing at least partially decoded data items, as well as fully decoded data items,are stored on the communication device 100 in a volatile and non-persistent store such as the RAM 426 .
- a volatile and non-persistent storesuch as the RAM 426 .
- Such informationmay instead be stored in the non-volatile memory 424 , for example, when storage intervals are relatively short, such that the information is removed from memory soon after it is stored.
- storage of this information in the RAM 426 or another volatile and non-persistent storeensures that the information is erased from memory when the communication device 100 loses power. This prevents an unauthorized party from obtaining any stored decoded or partially decoded information by removing a memory chip from the communication device 100 , for example.
- the communication device 100may be manually synchronized with a host system by placing the device 100 in an interface cradle, which couples the serial port 430 of the communication device 100 to the serial port of a computer system or device.
- the serial port 430may also be used to enable a user to set preferences through an external device or software application, or to download other application modules 324 N for installation. This wired download path may be used to load an encryption key onto the device, which is a more secure method than exchanging encryption information via the wireless network 419 .
- a short-range communications subsystem 440is also included in the communication device 100 .
- the subsystem 440may include an infrared device and associated circuits and components, or a short-range RF communication module such as a BLUETOOTH® module or an 802.11 module, for example, to provide for communication with similarly-enabled systems and devices.
- a short-range RF communication modulesuch as a BLUETOOTH® module or an 802.11 module, for example, to provide for communication with similarly-enabled systems and devices.
- the datais stored in a manner such that either the location of the various types of data 301 - 315 is tracked, or that the type of data stored in the memory 300 may be determined by querying a data table, represented by the schematic 350 .
- the data tablemay comprise a look-up reference correlating each type of data with one or more memory address ranges 354 .
- any IT policy datais stored in memory location addresses F0000001 through F0G00000.
- the client device 10 , 100is configured such that predetermined ranges of memory addresses are allocated to different types of data, it will be understood that the full range of memory addresses may not be utilized if only a portion of the memory allowance is required; also, the data may not be stored at consecutive memory addresses. Further, if the memory address ranges allocated to the various types of data are not predetermined, it will be understood that each type of data may not actually be stored in contiguous memory blocks; thus, a data table 350 may comprise multiple memory address ranges as necessary in order to track the locations of each data type 301 - 315 .
- each data typemay be correlated with a further tag or label 352 , and the data stored in the memory store 300 may be stored with associated tags 352 , such that the store 300 can be scanned to identify all data blocks associated with a given tag 352 .
- an IT policymay be stored at the client device 10 , 100 in a binary format.
- the content of the IT policywhich may be described as a set of predefined rules, may be configurable at the server 40 by a user or administrator vested with sufficient access privileges or security clearance, and is transmitted from the server 40 to the client device 10 , 100 .
- Configuration of the IT policy at the server 40may be carried out by means of a graphical user interface (not shown); in another embodiment, the IT policy may be composed as a text file, and then stored as an IT policy file at the client device 10 , 100 .
- FIGS. 4 a and 4 bdepict some exemplary contents of an IT policy 360 , 361 , illustrated in human-readable form for ease of reference.
- the policymay consist of a series of key-value pairs, wherein the key defines a characteristic controlled by the IT policy, and the corresponding value is alterable by an administrator with sufficient administrator access to alter the policy 360 , or by an administrator with sufficient administrator access to alter a subset of the policy 360 that includes the key corresponding to the value to be changed.
- AllowVoiceCallingcorresponds to a rule that may be enacted by the security module and/or a voice calling module executable on the device 10 , 100 equipped with such a feature, that the user is allowed to use the device 10 , 100 to make a voice call.
- An alternate exemplary rule that would determine the availability of a voice calling or SMS functionwould be a rule relating to use of a subscriber identity module (SIM) card in a mobile device 100 .
- SIMsubscriber identity module
- Falseindicates that this rule, when in force, does not allow the user to make voice calls.
- the implementation of IT policies on client deviceswill be generally understood by those skilled in the art. It will further be appreciated that the IT policy may be generated or stored in other formats, and may not consist of key-value pairs, but rather of other commands or instructions that may be applied by the client device 10 , 100 to configure the operation of the device.
- FIG. 6is a flowchart depicting a sequence of steps in the execution of the wipe command on the client device 10 , 100 .
- the commandis received at the client device 10 , 100 .
- the commanditself may have been invoked or input at the client device 10 , 100 , for example by a user or by an administrator, or at the server 40 .
- invocation of the wipe commandmay be carried out at the client device 10 , 100 by a user or administrator explicitly selecting a wipe command option.
- the wipe commandmay alternatively be invoked by a user or administrator deliberately or accidentally engaging in a predetermined action at the client device 10 , 100 , such as entering a password incorrectly for a predetermined number of times, resulting in receipt at the client device 10 , 100 of the incorrect password for the predetermined number of times, or by carrying out another predetermined action or entering into a predetermined condition that triggers the execution of the wipe command by the client device 10 , 100 .
- Invocation of the wipe commandmay be carried out at the server 40 by similar methods.
- “receipt” or “receiving” the wipe commandincludes not only an issuance or invocation of the wipe command, but also a detection, within the client device 10 , 100 , of a predetermined action, condition or trigger for the execution of the wipe command.
- the commandcomprises, or is accompanied by, an indicator of an authorization level associated with the command. If the command is received from the server 40 , in one embodiment it is received over the air; for example, a mobile communication device 100 may receive via the transceiver 411 (shown in FIG. 2 ) an incoming message from a remote location comprising a command at step 500 .
- the client device 10 , 100then verifies or authenticates the received command at step 510 .
- commands issued by the server 40 to the client device 10 , 100are encrypted in messages sent to the client device, in which case the client device 10 , 100 authenticates the received command by passing the received message to a decryption module resident on the client device 10 , 100 , which decrypts the message and extracts the command.
- the client device 10 , 100thus authenticates the command, since the message was encrypted by the server 40 and decrypted using an associated decryption key.
- the authentication step 510may be carried out using some other means of verifying the authenticity of the command such that the client device 10 , 100 may verify the accuracy and/or the provenance of the command at step 510 .
- the verificationmay comprise the verification of some shared secret between the client 10 , 100 and the server 40 that is incorporated into the message; error correction code; or some other form of verification known in the art, such as a checksum. If the command is received at the client device 10 , 100 as an issued or invoked wipe command at the client device 10 , 100 or as the detection of a predetermined action, condition, or trigger at the client device 10 , 100 , then the authentication step 510 may optionally be bypassed.
- the client device 10 , 100sets a flag at step 520 in its non-volatile memory, for example memory 424 of client device 100 shown in FIG. 2 .
- the flagmay be set in the memory at a predetermined, hidden location that is not accessible to third parties via an application programming interface, and is set in the event that the client device 10 , 100 is powered off before the deletion and/or disablement of applications in response to the security command is completed.
- the device 10 , 100may be configured so that when it is powered on, a security module or the boot code configures the processor to check the flag bits during boot-up of the device to determine whether the flag was set; if it was set, the security module or boot code aborts any log-in procedure executable on the device and re-invokes the wipe command. Thus, the wipe command cannot be circumvented without erasing the hidden location of the memory of the client device 10 , 100 .
- the setting of the flag at step 520is described in further detail below.
- the client device 10 , 100then executes the wipe command at step 530 .
- the process of wiping datacan be accomplished by writing zeroes, ones or random combination of ones and zeros to the non-volatile memory 424 , and optionally to portions of the volatile memory 426 , and/or by removing memory references or pointers to the data in the non-volatile memory 424 and portions of the volatile memory 426 .
- the wiping processmay also include repeated overwriting of ones, zeroes, or a random arrangement of ones and zeros over the data to be wiped.
- the IT policy data 315determines whether certain functions or data are available to a user of the device 10 , 100 ; if the IT policy data 315 is deleted, then the next time the device 10 , 100 is accessed by a user, its operation may not be constrained by any rules set in the IT policy data 315 at all.
- This settingmay only be in force so long as there is an IT policy stored at the client device 10 , 100 . If all non-application data were successfully wiped from the device, then the IT policy data 315 would be one of the sets of data deleted; the user would then gain the ability to make outgoing voice calls. Thus, a user may be able to circumvent the IT policy set for his or her device 10 , 100 , at least temporarily until the device 10 , 100 is reconfigured by the server 40 with a new IT policy. The ability to circumvent an IT policy may present a security risk; however, at other times deletion of the IT policy data 315 may be desirable.
- an administrator or usermay wish to only delete the PIM/message data stored on the device 10 , 100 , without affecting other data or the operation of other systems on the device.
- the embodiment described hereinprovides a system for allowing for selective deletion of data at the client device 10 , 100 .
- the wipe commandis accompanied by or comprises an associated indicator of an authorization level.
- the indicator valueis inserted into the command at the time the command is issued, either at the client device 10 , 100 or at the server 40 , and its value is determined by the authorization level associated with the issuer of the wipe command.
- the indicator valuemay be an alphanumeric value; in accordance with one embodiment, a value of 0 signifies the lowest authorization level, and a value of 4 indicates the highest authorization level.
- the various authorization levelsmay be cumulative (i.e., a person with an authorization level of 1 has authority to access the same functions and data at the server 40 and/or client device 10 , 100 as a person with an authorization level of 0, plus access to additional functions and data); alternatively, the various authorization levels may be unrelated and have more or less overlap (i.e., a person with an authorization level of 1 may have access to functions and data at the server 40 only, whereas a person with an authorization level of 0 only has access to functions and data at the client device 10 , 100 ).
- the flag valueis set at step 520 with reference to the indicator value received with the command at step 500 and authenticated at step 510 , and with reference to the IT policy stored at the client device 10 , 100 .
- the flagmay consist of a single bit indicating whether a wipe is in progress
- the flagcomprises a multi-bit value corresponding to the authorization level indicated in the indicator accompanying the wipe command.
- This rulewhen executed by the device 10 , 100 , instructs the device to only wipe the IT policy 360 from memory upon execution of a wipe command if the wipe command is accompanied by an indicator of an authorization level or a flag value corresponding to the IT policy 360 of at least 1.
- This rulewhen executed by the device 10 , 100 , instructs the device to only wipe the IT policy 360 from memory upon execution of a wipe command if the wipe command is accompanied by an indicator of an authorization level or a flag value corresponding to the IT policy 360 of at least 1.
- the IT policymay comprise rules relating to the authorization level required to enable a wipe of the PIM/message data (PIMMessageDatawipeMinLevel), user-entered data (UserDataWipeMinLevel), IT policy (ITPolicyWipeMinLevel), third-party applications (ThirdPartyAppWipeMinLevel), PIM/message applications (PIMMessageAppWipeMinLevel), or key data (KeyDatawipeMinLevel).
- PIMMessageDatawipeMinLeveluser-entered data
- UserDataWipeMinLevelIT policy
- IT PolicyWipeMinLevelIT policy
- Third-party applicationsTinyAppWipeMinLevel
- PIM/message applicationsPIM/message applications
- KeyDatawipeMinLevelkey data
- an authorization level of 4is required to wipe the IT policy, but an authorization level of only 0 is required to wipe PIM/message data.
- the authorization level indicated in the commandis a 4
- all data that requires an authorization level of 4 or lessmay be wiped, which in the above example includes all data types listed above. If the authorization level indicated is zero, then only that data capable of being wiped with that level of authorization (here, PIM/message data and third-party applications) will be wiped. The types of data to be wiped are indicated in the flag.
- the flag 370comprises a number of subset values correlating to each of the data types stored at the client device 10 , 100 .
- the two most significant bitscorrespond to a first data type, here labelled as A01; with reference to FIG. 3 , it can be seen that these bits thus correspond to operating system data 301 .
- the remaining pairs of bits, from most to least significant,thus correspond to key data 302 , PIM/messaging applications 305 , third-party applications 306 , PIM/messaging data 310 - 312 , user-entered data 313 , and IT policies 315 .
- a value of 11 for a pair of bitsindicates that the corresponding data type is flagged for wiping.
- the bit pairs corresponding to third-party applications 306 , PIM/message data 310 - 312 , and user-entered data 313have a value of 11. It will be appreciated that the flag 370 does not require two bits for each type of data; for example, the flag 370 may allocate only one bit per data type, or may have whatever format is suitable for the implementation on the client device 10 , 100 .
- the client device 10 , 100is configured to optionally take other steps upon receipt of a wipe command (for example, to encrypt data rather than delete it), then two bits may be necessary in order for the flag to accurately indicate what action is to be taken on the data; for example, 00 may indicate that no action is to be taken; 01 may indicate that the data is to be encrypted; 11 may indicate that the data is to be deleted.
- the client device 10 , 100is configured to check each subset value contained within the flag 370 in turn.
- the client device 10 , 100checks the next subset or pair of bits in the flag 370 at step 532 .
- the processmay start either with the most significant values or the least significant values. If the device determines that it has reached the end of the flag at step 534 , then the flag is reset to a zero value at step 540 , indicating that the wipe command execution has been completed.
- the device 10 , 100determines whether the subset value is set to the “wipe” value, which in this example is 11 , at step 536 . If the subset value does not indicate that the corresponding data type is to be wiped, the process returns to step 532 . If the subset value indicates that the data type is to be wiped, then at step 538 the client device 10 , 100 locates the data corresponding to the type represented by the subset or bit pair in the flag, for example using the table 350 of FIG. 3 , and deletes the data. The process then returns to step 532 to check the next subset.
- the wipe processis similar, but the subset values in the flag 370 are reset as the corresponding data is deleted.
- the client device 10 , 100checks the next subset or pair of bits in the flag 370 at step 542 . The process may start either with the most significant values or the least significant values. If the device determines that it has reached the end of the flag at step 544 , then the process ends. If the end of the flag has not yet been reached, then the device 10 , 100 determines whether the subset value is set to the “wipe” value, which in this example is 11 , at step 546 .
- the processreturns to step 542 . If the subset value indicates that the data type is to be wiped, then at step 548 the client device 10 , 100 locates the data corresponding to the type represented by the subset or bit pair in the flag, for example using the table 350 of FIG. 3 , and deletes the data. The subset value is then reset (i.e., overwritten with a 00 value) at step 550 . The process then returns to step 542 to check the next subset. It will be appreciated that in either of the foregoing embodiments, the client device may encrypt, rather than delete, the data, or may encrypt the data prior to deleting it. In any event, the data identified by the flag 370 is secured from unauthorized access by either deletion or encryption.
- the rules recorded in the IT policycomprise preconfigured sets of data types that may be wiped by users or administrators of each authorization level. Rather than assigning the ability to wipe a given data type to a minimum authorization level as described with reference to FIG. 4 a above, the client device 10 , 100 stores a set of directives that assign a particular set of data types to an authorization level.
- This useris not authorized to issue a wipe command that wipes any data at the client device 10 , 100 ; for example, if this IT policy were implemented on the client device 10 , 100 and a user with authorization level 0 were logged into the device, then either the wipe command would be disabled on the device 10 , 100 as long as that user was logged into the device, or alternatively the wipe command may be enabled, but would have no practical effect when executed.
- the flag values provided in the example provided in FIG. 4 bmay be interpreted in the same manner as those provided in the example of FIG.
- the pairs of bits in the flagcorrespond to the operating system data 301 , key data 302 , PIM/messaging applications 305 , third-party applications 306 , PIM/messaging data 310 - 312 , user-entered data 313 , and IT policies 315 .
- the flag valueswhen implemented on the client device 10 , 100 , may have a different format, and that the IT policy 361 may comprise a set of directives for encrypting, in addition to or in place of wiping, the data, as described above.
- the wipe rulesmay be stored in a separate file or a different location in memory.
- the rulesare incorporated into the IT policy that is updatable by an administrator or user at the server 40 .
- the ability of an administrator or user to add or remove data types to each rulemay be determined by the administrator's or user's authorization level. For example, an administrator with an authorization level of 4 may be able to access server functions to designate which authorization levels up to and including level 4 may issue a command to wipe which data types.
- An administrator with an authorization level of 3would thus lack sufficient permission to alter the wipe data types or wipe permissions (that is, the data types for which a person at a given authorization level is permitted issue a wipe command to a client device 10 , 100 ) for a level 4 administrator, but would be capable of altering the wipe permissions for an administrator of level 0, 1, 2, or 3.
- FIG. 9 aan example of an administrative interface 700 , such as a dialog box that may be displayed at the server 40 for configuring the various authorization-wipe rules for the IT policy 361 , is shown.
- Each level of administrator/userwith the exception of the highest level of authorization, is provided with access to modify only the wipe permissions for lower authorization levels; but the ability to modify the wipe permissions for those lower authorization levels is determined by the permissions granted to the authorization level currently logged into the server 40 .
- an administrator of authorization level 3is logged in; because only an administrator of authorization level 4 is provided authority by the server functions to alter the authorization level 3 wipe permissions, the checkboxes for selecting data types wipable by administrators of authorization levels 3 and 4 are not alterable, as can be seen by the formatting of the headings “3” and “4” in the interface 700 , and the dashed lines in the checkboxes under those headings.
- the administrator currently logged into the server in this exampleis able to make certain changes to the wipe permissions of authorization levels 0, 1, and 2, but only for those data types for which the administrator has permission to wipe; in other words, the currently logged-in administrator cannot grant wipe permissions that he or she does not currently have.
- FIG. 9 afor example, an administrator of authorization level 3 is logged in; because only an administrator of authorization level 4 is provided authority by the server functions to alter the authorization level 3 wipe permissions, the checkboxes for selecting data types wipable by administrators of authorization levels 3 and 4 are not alterable, as can be seen by the formatting of
- the currently logged-in administratorhas permission to wipe message data, calendar data, address book data, user-created data, and third-party applications, but not PIM/messaging applications, encryption keys, or IT policies, and is therefore presented with a set of configuration options enabling the logged-in administrator to configure security operations such as wiping and/or encryption for users and administrators having a lower authorization level.
- the selection boxes for PIM/messaging applications, encryption keys, and IT policiesare disabled (as illustrated in FIG. 9 a , with dashed lines) for all levels of authorization.
- an administrator with authorization level 4is logged in; therefore, all selections are available to the currently-logged in administrator, as depicted by the solid-line checkboxes and formatting of the example interface 710 .
- the currently-logged in administratormay alter the wipe permissions for its own level, 4, without any effect on the permissions that this level of administrator may grant to other levels.
- this administratorhas chosen to remove its own permission to wipe user-created data on the client device 10 , 100 , as can be seen from the lack of a checkmark in the checkbox 711 . However, this administrator is still able to alter the wipe permissions for the same category of data for all other levels.
- the level 4 administratorhas further disabled the level 4 administrator's wipe permission in relation to address book data as can be seen at the selection box 713 , but the level 2 and 3 administrators or users are still provided with permission to wipe that data category.
- FIG. 9 cdepicts the interface 720 when a level 3 administrator logs into the server 40 after the level 4 administrator has made the changes described in relation to FIG. 9 b .
- the level 3 administratoragain lacks the authority to modify its own wipe permissions.
- the level 4 administratorhad chosen to disable its own ability to wipe user-created data by deselecting the option 711 , because the level 3 administrator was still provided with permission to wipe that data type, the level 3 administrator may still administer that wipe permission for lower levels of authorization.
- the level 3 administratormay still administer that wipe permission for lower levels of authorization.
- the level 4 administratorhad disabled the level 3 administrator's wipe permission with respect to address book data by deselecting 713 , the level 3 administrator is now unable to alter the wipe permissions for that data type for the other administration/user levels; this is denoted in FIG. 9 c by the dashed lines of the selection boxes such as 722 . Because the level 4 administrator had granted the level 1 and 2 administrators wipe permissions for address book data, the corresponding selection boxes are checked. Thus, the wipe permissions set by the level 4 administrator may override the wipe permissions that might otherwise be configurable by the lower level administrators.
- a new IT policy reflecting the newly configured wipe permissionsis constructed at the server 40 and transmitted to the client device 10 , 100 .
- the IT policy thus constructedmay be applied to each and every client device 10 , 100 registered at the server 40 , or to only a subset of those devices.
- the authorization levels required to be able to wipe a given data typeit is not necessary for a user or administrator at a server to choose the particular types of data that are to be deleted as a result of a wipe command at the time the wipe command is issued: the actual determination and identification of the data to be deleted is carried out at the client device 10 , 100 itself, when the wipe command is executed. There is no need for the server 40 to track the different types of data that are stored on the client device 10 , 100 .
- the user's or the administrator's authorization level indicated in the wipe commandis associated with a predetermined set of data types to be wiped by the client device 10 , 100 upon execution of the wipe command at step 530 .
- the authorization levelis still associated with a predetermined set of data types that may be the subject of a wipe command issued by that user or administrator, but the user or administrator is also provided with the option of selecting a subset of the predetermined set of data types to be made the subject of a wipe command.
- FIG. 8 aan exemplary user interface 600 at a server 40 that may be presented to one category of user or administrator, for example a help desk administrator, is shown.
- the user interface 600comprises a listing of users whose accounts may be administered by the help desk administrator logged into the server 40 .
- the administratormay select one user, such as the user 610 , and select an option to “Erase Data and Disable Handheld” from a listing of options.
- the user interfacemay then comprise a pop-up dialog box, such as dialog box 680 , which provides the help desk administrator with a listing of available data types that may be erased, including “Message Data”, “Calendar Data”, “Address Book data”, “Other user-created data”, “PIM/messaging applications”, and “Third-party applications”.
- FIG. 8 bshows a further user interface 600 , when the server 40 is operated by a security administrator with greater privileges than the help desk administrator.
- the administrator logged into the server 40is authorized to issue a wipe command that includes wiping the encryption keys and IT policy; these options in dialog box 690 are, therefore, available to be selected, as can be seen from the formatting in the dialog box 690 .
- the wipe command issued from the servermay comprise at least one indicator of the type or types of data to be wiped by the client device 10 , 100 in executing the wipe command.
- the wipe commandmay further comprise the authorization level of the party issuing the authorization level, so that the client device 10 , 100 may also verify that the issuer possesses sufficient authority to issue the command to wipe the data types indicated at the authentication step 510 . It will be appreciated that this embodiment may be implemented at the client device 10 , 100 as well.
- the foregoing systems and methodsthus provide a means for selectively wiping data at a client device 10 , 100 , depending on the authorization level of the issuer of the wipe command.
- the issuer of the wipe commandmay be a user or administrator using the client device 10 , 100 , and inputting the wipe command on the client device, or a user or administrator at the server 40 issuing the wipe command.
- the user and/or administratormay be provided with one of a number of authorization levels, which is determined by the device 10 , 100 or the server 40 , as the case may be, when the individual logs into the device or server.
- an IT policy stored at the client devicedefines the various types of data that may be selected for wiping.
- a user of the device 10 , 100may be able to invoke a wipe command at the device by selecting a menu option at the device 10 , 100 , or by otherwise deliberately triggering a wipe using the device; as shown in the example described above, while message data, calendar data, and the like may be deleted as a result of this wipe command, the IT policy itself is not deleted, and remains in force on the device 10 , 100 .
- the IT policymay be deleted.
- the systems' and methods' datamay be stored in one or more data stores.
- the data storescan be of many different types of storage devices and programming constructs, such as RAM, ROM, flash memory, programming data structures, programming variables, etc. It is noted that data structures describe formats for use in organizing and storing data in databases, programs, memory, or other computer-readable media for use by a computer program.
- Code adapted to provide the systems and methods described abovemay be provided on many different types of computer-readable media including computer storage mechanisms (e.g., CD-ROM, diskette, RAM, flash memory, computer's hard drive, etc.) that contain instructions for use in execution by a processor to perform the methods' operations and implement the systems described herein.
- computer storage mechanismse.g., CD-ROM, diskette, RAM, flash memory, computer's hard drive, etc.
- a module or processorincludes but is not limited to a unit of code that performs a software operation, and can be implemented for example as a subroutine unit of code, or as a software function unit of code, or as an object (as in an object-oriented paradigm), or as an applet, or in a computer script language, or as another type of computer code.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
Description
- This application claims priority from U.S. Application No. 60/885,796, filed Jan. 19, 2007.
- 1. Technical Field
- The present disclosure relates generally to the field of computer and network security, and more particularly, to wiping data stored on a remote device such as a mobile communication device.
- 2. Description of the Related Art
- Data stored in the memory of a communication and/or computing device, such as a mobile communication device, personal digital assistant (PDA), smartphone, laptop computer, and the like, may include data of a sensitive or critical nature that is accessible only by authorized users. Such data may include e-mail, calendar information, contact information in an address book, and other information that may be utilized, received, or transmitted by or from the communication device in the execution of communication-related or productivity-related applications. The data may further include applications, or data files created at the device or received by an authorized user at the device that are personal to the user, or that are used by the device for the management of data and/or security functions on the communication device. Such data includes information technology (IT) policies, which may comprise rules concerning a variety of security and management-related issues, such as user authorization to use certain functions or install software on the communication device, encryption algorithms in wireless communication, and authentication processes to be employed before allowing user access to data on the device, for example if an authentication token such as a smart card is required.
- Embodiments of the inventive aspects of this disclosure will be best understood with reference to the following detailed description, when read in conjunction with the accompanying drawings, in which:
FIG. 1 is a schematic of a network for implementing a system and method of preventing access to data.FIG. 2 is a block diagram of a mobile communication device for use with the network ofFIG. 1 .FIG. 3 is a schematic representation of data stored in a memory store of a communication device.FIG. 4 ais a schematic representation of data that may be incorporated into an exemplary IT policy.FIG. 4 bis a further schematic representation of data that may be incorporated into an exemplary IT policy.FIG. 5 is a schematic representation of a flag in accordance with one embodiment.FIG. 6 is a flowchart of a method for processing a wipe command at a communication device.FIGS. 7 aand7bare flowcharts of methods for executing a wipe command.FIGS. 8 aand8bare example user interfaces for issuing a wipe command.FIGS. 9 a,9b, and9care further example user interfaces for configuring wipe permissions.- While data may be protected by requiring the user to enter a valid password in order to access applications or data on the device, or by encrypting data stored on the device such that access to the data requires decryption by a valid decryption key, there are instances when the device may be compromised, decommissioned, or redeployed, making it desirable to delete or “wipe” data, including applications, on the communication device so that it cannot be accessed by unauthorized or malicious users. However, it may not always be necessary or desirable to wipe all data and applications from a device.
- Therefore, it is desirable to provide a system and method for selectively wiping data at a communication device. Thus, as described herein, there is provided a method for selectively securing data from unauthorized access on a client device storing a plurality of data types, the method comprising receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; determining which of a plurality of data types is to be secured by identifying a predefined rule associated with the authorization level indicated in the received command, wherein the client device is provided with a plurality of predefined rules each associated with one of a plurality of authorization levels, each of the predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and securing the data of the data types indicated by the value comprised in the identified predefined rule.
- In a further aspect, determining which of a plurality of data types is to be secured further comprises, when a predefined rule associated with the authorization level indicated in the received command is not found, identifying a predefined rule associated with the next highest authorization level that is lower than the indicated authorization level. In still a further aspect, the plurality of predefined rules is stored at the client device in association with an IT policy. In another aspect, securing the data further comprises setting a flag at the client device, the flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured; in response to the received command, checking each of the subset values of the flag, and carrying out a securing operation if the subset value indicates that the data of that data type is to be secured; and after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out. In yet a further aspect, securing the data comprises one of deleting the data; encrypting the data; or encrypting, then deleting, the data. the securing operation may comprise one of deleting the data of that data type; encrypting the data of that data type; and encrypting, then deleting, the data of that data type. In a further aspect, the command is received in an encrypted message, and prior to securing the data the command is authenticated by decrypting the message and extracting the command, such that the command is authenticated if the command is extracted successfully. The client device may comprise a mobile communications device, and the command may be received over the air, or received from input at the client device, or received as detection of a predetermined action, condition or trigger for the execution of the wipe command at the client device. In yet a further aspect, prior to receiving the command at the client device, the method may comprise defining, at a location remote from the client device, a plurality of predefined rules associated with an authorization level; and transmitting to the client device the plurality of predefined rules thus defined. Defining the plurality of predefined rules may comprise, for a given authorization level, presenting a set of configuration options for configuring securing operations for each of the plurality of data types for authorization levels lower than the given authorization level; and constructing a plurality of rules comprising selected configuration options. The data types may comprise at least one of an operating system, encryption and decryption keys, personal information management applications, messaging applications, e-mail data, short message service data, instant messaging data, multimedia message data, voicemail data, calendar data, address book data, or IT policies.
- There is further provided a computer readable memory having recorded thereon statements and instructions for execution by a computer to receive a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; determine which of a plurality of data types is to be secured by identifying a predefined rule associated with the authorization level indicated in the received command, wherein the client device is provided with a plurality of predefined rules each associated with one of a plurality of authorization levels, each of the predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and secure the data of the data types indicated by the value comprised in the identified predefined rule.
- In a further embodiment, there is provided a method for selectively securing data from unauthorized access on a client device storing a plurality of data types, the method comprising receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; determining which of the plurality of data types is to be secured by identifying each of a plurality of predefined rules comprising an indicator of an authorization level equal to or less than the authorization level indicated in the received command, each of the plurality of predefined rules being associated with one of the plurality of data types; and securing only the data corresponding to each of the plurality of data types associated with the predefined rules thus identified. In a further aspect, securing the data further comprises setting a flag at the client device, the flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured; in response to the received command, checking each of the subset values of the flag, and carrying out a securing operation if the subset value indicates that the data of that data type is to be secured; and after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out. In another aspect, securing the data comprises one of deleting the data; encrypting the data; or encrypting, then deleting, the data.
- In still a further aspect, there is provided computer readable memory having recorded thereon statements and instructions for execution by a computer to receive a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; determine which of the plurality of data types is to be secured by identifying each of a plurality of predefined rules comprising an indicator of an authorization level equal to or less than the authorization level indicated in the received command, each of the plurality of predefined rules being associated with one of the plurality of data types; and secure only the data corresponding to each of the plurality of data types associated with the predefined rules thus identified.
- In yet a further embodiment, there is provided a mobile client device for selectively securing data from unauthorized access on the client device storing a plurality of data types, the device comprising a processor; a memory storing data comprising at least one of a plurality of data types; and a receiver operatively connected to the processor for receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command; wherein the processor is configured to determine, using at least one predefined rule associated with the authorization level indicated by the authorization level indicator, which of a plurality of data types is to be secured and to secure the data stored in the memory corresponding to each of the plurality of data types thus determined. In a further aspect, each of the predefined rules is associated with one of a plurality of authorization levels, and each of the predefined rules comprises a value indicating each of the plurality of data types to be secured in response to a received command, and wherein the processor is further configured to identify the predefined rule associated with the authorization level indicated in the received command, and to secure only those data types indicated by the value comprised in the identified predefined rule. In still a further aspect, the device further comprises a memory for storing a flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured, the processor being further configured to set the flag; in response to the received command, check each of the subset values of the flag, and carry out a securing operation if the subset value indicates that the data of that data type is to be secured; and after each of the subset values has been checked, reset the subset values to indicate that no further securing operation is to be carried out. The processor may be configured to secure the data by deleting the data corresponding to each of the plurality of data types thus determined from the memory, or to secure the data by encrypting the data corresponding to each of the plurality of data types thus determined in the memory. Further, in another aspect, the command may be received in an encrypted message, and the processor is configured to decrypt the message and extract the command, such that the command is authenticated if the command is extracted successfully.
- Referring to
FIG. 1 , an overview of an exemplary communication system for use with the embodiments described below is shown. One skilled in the art will appreciate that there may be many different topologies, but the system shown inFIG. 1 helps demonstrate the operation of the systems and methods described in the present application. There may be many communication devices connected to the system that are not shown in the simple overview ofFIG. 1 . FIG. 1 shows first communication device, here a clientpersonal computer 10, a network, here the Internet20, aserver system 40, awireless gateway 85,wireless infrastructure 90, awireless network 105 and a second communication device, here a clientmobile communication device 100. It will be appreciated by those skilled in the art that the devices referred to herein as client devices, personal computers, mobile devices, mobile communication devices, communication devices, computing devices, or data storage devices may comprise devices whose main function is directed to data or voice communication over a network and data storage, but may also be provided with personal or productivity applications, or devices whose main function is directed to computing or executing productivity applications, but are also adapted to enable a user to communicate over a network. Such devices include, but are not limited to, laptop and notebook computers, PDAs, smartphones, and the like. The client device is capable of communicating over a wireless network, as set out in further detail below.- A client
personal computer 10 may, for example, be connected to an ISP (Internet Service Provider) on which a user of the system has an account, located within a company, possibly connected to a local area network (LAN), and connected to the Internet20, or connected to the Internet20 through a large ASP (application service provider). Those skilled in the art will appreciate that the systems shown inFIG. 1 may instead be connected to a wide area network (WAN) other than the Internet. - The
wireless gateway 85 andinfrastructure 90 provide a link between the Internet20 andwireless network 105. Thewireless infrastructure 90 determines the most likely network for locating a given user and tracks the user as they roam between countries or networks. Messages and other data may be delivered to the clientmobile device 100 via wireless transmission, typically at a radio frequency (RF), from a base station in thewireless network 105 to the clientmobile device 100. Theparticular network 105 may be any wireless network over which messages may be exchanged with a mobile communication device. The clientmobile device 100 may also receive data by other means, for example through a direct connection to a port provided on themobile device 100, such as a Universal Serial Bus (USB) link. - The
server system 40 may be implemented, for example, on a network computer within the firewall of a corporation, a computer within an ISP or ASP system or the like. Theserver system 40 may act as the application, network access, and/or file server for one or more communication devices. In the embodiment described below, theserver system 40 also acts as an authoritative server for managing IP policies and issuing software and security-related commands to theclient devices mobile device 100, if it is configured for receiving and possibly sending e-mail, may be associated with an account on theserver system 40. The software products and other components that are often used in conjunction with the functions of theserver system 40 described herein are not shown inFIG. 1 , as they do not directly play a role in the system and method described below. If theserver system 40 acts as a message server, theserver system 40 may support either a so-called “pull” or “push” message access scheme, wherein themobile device 100 requests that stored messages be forwarded by the message server to the mobile device100 (“pull”), or theserver system 40 may be provided with means for automatically redirecting messages addressed to the user of themobile device 100 as they are received (“push”). - The
server system 40 may be used to provide administrative functions for theclient devices server system 40 for issuing various commands relating to the management and security features of theclient devices server system 40. The system ofFIG. 1 may be configured to provide for multiple levels of administrator-level access; for example, the system ofFIG. 1 may be implemented for use with an organization or institution mandating multiple levels of security authorization and IT support. The IT support roles may comprise “help desk” support, which is authorized to provide a first set of administrator and IT support services to users ofclient devices client devices client devices client devices server 40, and other functions that may require a greater level of knowledge, certification, trust, or security clearance to implement or configure. The level of authorization provided to particular support or administrative personnel may be determined by theserver 40 in accordance with a predetermined IT policy when the individual support person logs into theserver 40; upon login, theserver 40 may look up the individual's administrative authorization level, and provide the individual with access to the functions commensurate with his or her authorization level. - Typically, and particularly in the instance where the client device is a
communication device 100 such as a smartphone, PDA, or laptop or other mobile computer, a single user is designated as the authorized user of theclient device client device client device other client device same client device client device client device client device client device server 40; in the event that a user logs into theclient device network client device - The
client device FIG. 2 , which depicts one embodiment of amobile communication device 100 and is described in detail below, data may be stored innon-volatile memory 424. The data stored on theclient device client device communication device 100. Referring toFIG. 3 , a schematic representation of the data stored at theclient device non-volatile memory 424, and may comprise different types of data such as anoperating system 301;keys 302, which may generally include encryption and decryption keys and addressing information for use in communicating between the communication device and theserver 40; personal information management (PIM) applications andmessaging applications 305; third-party applications that may have been installed by the user or anadministrator 306; message/PIM data, such as e-mail data, short message service (SMS) data, IM data, multimedia message data, andvoicemail data 310,calendar data 311, andaddress book data 312; other user-entered data313; andIT policies 315. The message/PIM data 310 may comprise one or more of the various types of e-mail data and other data310-312.Voicemail data 310 may comprise digitized audio recordings, or may comprise a stub entry available for viewing in a messaging application indicating the availability of a voicemail message stored at another location. The user-entered data313 may comprise text-based, graphic, or other multimedia files loaded onto thecommunication device 100 by the user. The various types ofdata 301 through315 may be provided in whatever data format is best suited for the purpose.IT policy data 315 may be in a human-readable format, but may also be stored in a binary format.FIG. 4 , discussed in more detail below, provides an example of the nature of the information that may be represented byIT policy data 315. - The systems and methods disclosed herein may be used with many different computers and devices, such as a wireless mobile communications device shown in
FIG. 2 . With reference toFIG. 2 , thecommunication device 100 may comprise a dual-mode mobile device and includes atransceiver 411, amicroprocessor 438, adisplay 422,non-volatile memory 424, random access memory (RAM)426, one or more auxiliary input/output (I/O)devices 428, aserial port 430, akeyboard 432, aspeaker 434, amicrophone 436, a short-rangewireless communications sub-system 440, andother device sub-systems 442. - The
transceiver 411 includes areceiver 412, atransmitter 414,antennas local oscillators 413, and a digital signal processor (DSP)420. Theantennas - The
communication device 100 may comprise a two-way communication device having voice and data communication capabilities. Thus, for example, thecommunication device 100 may communicate over a voice network, such as any of the analog or digital cellular networks, and may also communicate over a data network. The voice and data networks are depicted inFIG. 2 by thecommunication tower 419. These voice and data networks may be separate communication networks using separate infrastructure, such as base stations, network controllers, etc., or they may be integrated into a single wireless network. - The
transceiver 411 is used to communicate with the network319, and includes thereceiver 412, thetransmitter 414, the one or more local oscillators313 and the DSP320. The DSP320 is used to send and receive signals to and from thetransceivers receiver 412 and thetransmitter 414. If the voice and data communications occur at a single frequency, or closely-spaced sets of frequencies, then a singlelocal oscillator 413 may be used in conjunction with thereceiver 412 and thetransmitter 414. Alternatively, if different frequencies are utilized for voice communications versus data communications for example, then a plurality oflocal oscillators 413 can be used to generate a plurality of frequencies corresponding to the voice anddata networks 419. Information, which includes both voice and data information, is communicated to and from thetransceiver 311 via a link between theDSP 420 and themicroprocessor 438. - The detailed design of the
transceiver 411, such as frequency band, component selection, power level, etc., will be dependent upon thecommunication network 419 in which themobile device 100 is intended to operate. The voice anddata networks 419 may be separate voice networks and separate data networks, or may comprise integrated voice and data networks. It will be appreciated by those skilled in the art that these embodiments may be implemented on a variety of voice anddata communication networks 419, including, but not limited to, 2G, 2.5G, 3G, 4G, and other voice and data networks, such as GSM, CDMA2000, GPRS, EDGE, W-CDMA (UMTS), FOMA, EV-DO, TD-SCDMA, HSPA, HSOPA, and the like. - Depending upon the type of network or
networks 419, the access requirements for thecommunication device 100 may also vary. For example, in the Mobitex and DataTAC data networks, mobile devices are registered on the network using a unique identification number associated with each mobile device. In GPRS data networks, however, network access is associated with a subscriber or user of a mobile device. A GPRS device typically uses a subscriber identity module SIM, which is required in order to operate a mobile device on a GPRS network. Local or non-network communication functions (if any) may be operable, without the SIM device, but a mobile device will be unable to carry out any functions involving communications over the data network319, other than any legally required operations, such as ‘911’ emergency calling. - After any required network registration or activation procedures have been completed, the
communication device 100 may the send and receive communication signals, including both voice and data signals, over thenetworks 419. Signals received by theantenna 416 from thecommunication network 419 are routed to thereceiver 412, which provides for signal amplification, frequency down conversion, filtering, channel selection, etc., and may also provide analog to digital conversion. Analog to digital conversion of the received signal allows more complex communication functions, such as digital demodulation and decoding to be performed using theDSP 420. In a similar manner, signals to be transmitted to thenetwork 419 are processed, including modulation and encoding, for example, by theDSP 420 and are then provided to thetransmitter 414 for digital to analog conversion, frequency up conversion, filtering, amplification and transmission to thecommunication network 419 via theantenna 418. - In addition to processing the communication signals, the
DSP 420 also provides for transceiver control. For example, the gain levels applied to communication signals in thereceiver 412 and thetransmitter 414 may be adaptively controlled through automatic gain control algorithms implemented in theDSP 420. Other transceiver control algorithms could also be implemented in theDSP 420 in order to provide more sophisticated control of thetransceiver 411. - The
microprocessor 438 manages and controls the overall operation of thecommunication device 100. Many types of microprocessors or microcontrollers could be used here, or, alternatively, asingle DSP 420 could be used to carry out the functions of themicroprocessor 438. Low-level communication functions, including at least data and voice communications, are performed through theDSP 420 in thetransceiver 411. Other, high-level communication applications, such as avoice communication application 424A, and adata communication application 424B may be stored in thenon-volatile memory 424 for execution by themicroprocessor 438. For example, thevoice communication module 424A may provide a high-level user interface operable to transmit and receive voice calls between themobile device 100 and a plurality of other voice or dual-mode devices via thenetwork 419. Similarly, thedata communication module 424B may provide a high-level user interface operable for sending and receiving data, such as e-mail messages, files, organizer information, short text messages, etc., between thecommunication device 100 and a plurality of other data devices via thenetworks 419. Themicroprocessor 438 also interacts with other device subsystems, such as thedisplay 422, theRAM 426, the auxiliary input/output (I/O)subsystems 428, theserial port 430, thekeyboard 432, thespeaker 434, themicrophone 436, the short-range communications subsystem 440 and any other device subsystems generally designated as442. - Some of the subsystems shown in
FIG. 2 perform communication-related functions, whereas other subsystems may provide “resident” or on-device functions. Notably, some subsystems, such as thekeyboard 432 and thedisplay 422 may be used for both communication-related functions, such as entering a text message for transmission over a data communication network, and device-resident functions such as a calculator or task list or other PDA type functions. - Operating system software used by the
microprocessor 438 may be stored in a persistent store such asnon-volatile memory 424. Thenon-volatile memory 424 may be implemented, for example, as a Flash memory component, or as battery backed-up RAM. In addition to the operating system, which controls low-level functions of the mobile device410, thenon-volatile memory 424 includes a plurality ofsoftware modules 424A-424N that can be executed by the microprocessor438 (and/or the DSP420), including avoice communication module 424A, adata communication module 424B, and a plurality of otheroperational modules 424N for carrying out a plurality of other functions. These modules are executed by themicroprocessor 438 and provide a high-level interface between a user and thecommunication device 100. This interface typically includes a graphical component provided through thedisplay 422, and an input/output component provided through the auxiliary I/O 428,keyboard 432,speaker 434, andmicrophone 436. The operating system, specific device applications or modules, or parts thereof, may be temporarily loaded into a volatile store, such asRAM 426 for faster operation. Moreover, received communication signals may also be temporarily stored toRAM 426, before permanently writing them to a file system located in a persistent store such as theflash memory 424. - The
non-volatile memory 424 provides a file system to facilitate storage of PIM data items on the device. The PIM application includes the ability to send and receive data items, either by itself, or in conjunction with the voice anddata communication modules wireless networks 419. The PIM data items are seamlessly integrated, synchronized and updated, via thewireless networks 419, with a corresponding set of data items stored or associated with a host computer system, thereby creating a mirrored system for data items associated with a particular user. - Context objects representing at least partially decoded data items, as well as fully decoded data items, are stored on the
communication device 100 in a volatile and non-persistent store such as theRAM 426. Such information may instead be stored in thenon-volatile memory 424, for example, when storage intervals are relatively short, such that the information is removed from memory soon after it is stored. However, storage of this information in theRAM 426 or another volatile and non-persistent store ensures that the information is erased from memory when thecommunication device 100 loses power. This prevents an unauthorized party from obtaining any stored decoded or partially decoded information by removing a memory chip from thecommunication device 100, for example. - The
communication device 100 may be manually synchronized with a host system by placing thedevice 100 in an interface cradle, which couples theserial port 430 of thecommunication device 100 to the serial port of a computer system or device. Theserial port 430 may also be used to enable a user to set preferences through an external device or software application, or to download other application modules324N for installation. This wired download path may be used to load an encryption key onto the device, which is a more secure method than exchanging encryption information via thewireless network 419. - A short-
range communications subsystem 440 is also included in thecommunication device 100. Thesubsystem 440 may include an infrared device and associated circuits and components, or a short-range RF communication module such as a BLUETOOTH® module or an 802.11 module, for example, to provide for communication with similarly-enabled systems and devices. Those skilled in the art will appreciate that “BLUETOOTH” and “802.11” refer to sets of specifications, available from the Institute of Electrical and Electronics Engineers, relating to wireless personal area networks and wireless local area networks, respectively. - Returning to
FIG. 3 , in accordance with various embodiments the data is stored in a manner such that either the location of the various types of data301-315 is tracked, or that the type of data stored in thememory 300 may be determined by querying a data table, represented by the schematic350. For example, the data table may comprise a look-up reference correlating each type of data with one or more memory address ranges354. Thus, it can be seen that inFIG. 3 , any IT policy data is stored in memory location addresses F0000001 through F0G00000. If theclient device label 352, and the data stored in thememory store 300 may be stored with associatedtags 352, such that thestore 300 can be scanned to identify all data blocks associated with a giventag 352. - As noted above, an IT policy may be stored at the
client device server 40 by a user or administrator vested with sufficient access privileges or security clearance, and is transmitted from theserver 40 to theclient device server 40 may be carried out by means of a graphical user interface (not shown); in another embodiment, the IT policy may be composed as a text file, and then stored as an IT policy file at theclient device FIGS. 4 aand4bdepict some exemplary contents of anIT policy policy 360, or by an administrator with sufficient administrator access to alter a subset of thepolicy 360 that includes the key corresponding to the value to be changed. An example of a key-value pair in the exemplary IT policy is PasswordRequired=True; in this example, PasswordRequired corresponds to a rule that may be enacted by a security module executable on thedevice IT policy 360 is applied. Another exemplary rule depicted in theIT policy 360 is Allowvoicecalling=False. AllowVoiceCalling corresponds to a rule that may be enacted by the security module and/or a voice calling module executable on thedevice device mobile device 100. In this exemplary rule, False indicates that this rule, when in force, does not allow the user to make voice calls. The implementation of IT policies on client devices will be generally understood by those skilled in the art. It will further be appreciated that the IT policy may be generated or stored in other formats, and may not consist of key-value pairs, but rather of other commands or instructions that may be applied by theclient device - Thus, it can be seen that there may be various categories of data stored at the
client device client device data store 300, for example all but the addresses used to store theoperating system 301 and PIM/messaging applications 305, may be accomplished through the invocation of a “wipe” command. FIG. 6 is a flowchart depicting a sequence of steps in the execution of the wipe command on theclient device client device client device server 40. For example, invocation of the wipe command may be carried out at theclient device client device client device client device server 40 by similar methods. In this description, “receipt” or “receiving” the wipe command includes not only an issuance or invocation of the wipe command, but also a detection, within theclient device server 40, in one embodiment it is received over the air; for example, amobile communication device 100 may receive via the transceiver411 (shown inFIG. 2 ) an incoming message from a remote location comprising a command at step500. Theclient device step 510. In one embodiment, commands issued by theserver 40 to theclient device client device client device client device server 40 and decrypted using an associated decryption key. Alternatively, theauthentication step 510 may be carried out using some other means of verifying the authenticity of the command such that theclient device step 510. The verification may comprise the verification of some shared secret between theclient server 40 that is incorporated into the message; error correction code; or some other form of verification known in the art, such as a checksum. If the command is received at theclient device client device client device authentication step 510 may optionally be bypassed.- Following the authentication step or receipt of the wipe command, the
client device step 520 in its non-volatile memory, forexample memory 424 ofclient device 100 shown inFIG. 2 . The flag may be set in the memory at a predetermined, hidden location that is not accessible to third parties via an application programming interface, and is set in the event that theclient device device client device step 520 is described in further detail below. - The
client device step 530. The process of wiping data can be accomplished by writing zeroes, ones or random combination of ones and zeros to thenon-volatile memory 424, and optionally to portions of thevolatile memory 426, and/or by removing memory references or pointers to the data in thenon-volatile memory 424 and portions of thevolatile memory 426. The wiping process may also include repeated overwriting of ones, zeroes, or a random arrangement of ones and zeros over the data to be wiped. - In some circumstances, it may not be desirable to delete all types of data at the
client device device IT policy data 315. As described above, theIT policy data 315 determines whether certain functions or data are available to a user of thedevice IT policy data 315 is deleted, then the next time thedevice IT policy data 315 at all. For example, theIT policy 360 may be configured to prevent a user from making outgoing voice calls (e.g., AllowVoiceCalling=False). This setting may only be in force so long as there is an IT policy stored at theclient device IT policy data 315 would be one of the sets of data deleted; the user would then gain the ability to make outgoing voice calls. Thus, a user may be able to circumvent the IT policy set for his or herdevice device server 40 with a new IT policy. The ability to circumvent an IT policy may present a security risk; however, at other times deletion of theIT policy data 315 may be desirable. As a further example, an administrator or user may wish to only delete the PIM/message data stored on thedevice client device - As noted above, the wipe command is accompanied by or comprises an associated indicator of an authorization level. The indicator value is inserted into the command at the time the command is issued, either at the
client device server 40, and its value is determined by the authorization level associated with the issuer of the wipe command. The indicator value may be an alphanumeric value; in accordance with one embodiment, a value of 0 signifies the lowest authorization level, and a value of 4 indicates the highest authorization level. The various authorization levels may be cumulative (i.e., a person with an authorization level of 1 has authority to access the same functions and data at theserver 40 and/orclient device server 40 only, whereas a person with an authorization level of 0 only has access to functions and data at theclient device 10,100). Thus, when the wipe command is received at theclient device step 520 with reference to the indicator value received with the command at step500 and authenticated atstep 510, and with reference to the IT policy stored at theclient device - Returning to step520, while in a simple implementation the flag may consist of a single bit indicating whether a wipe is in progress, in another embodiment the flag comprises a multi-bit value corresponding to the authorization level indicated in the indicator accompanying the wipe command. The flag value may be determined using the
existing IT policy 360 for thedevice existing IT policy 360 contemplates only one rule relating to the authorization level required to enable a wipe of the IT policy itself, then only a single rule such as ITPolicyWipeMinLevel=1 may be provided in theIT policy 360. This rule, when executed by thedevice IT policy 360 from memory upon execution of a wipe command if the wipe command is accompanied by an indicator of an authorization level or a flag value corresponding to theIT policy 360 of at least 1. In a more robust implementation such as that illustrated inFIG. 4 a, the IT policy may comprise rules relating to the authorization level required to enable a wipe of the PIM/message data (PIMMessageDatawipeMinLevel), user-entered data (UserDataWipeMinLevel), IT policy (ITPolicyWipeMinLevel), third-party applications (ThirdPartyAppWipeMinLevel), PIM/message applications (PIMMessageAppWipeMinLevel), or key data (KeyDatawipeMinLevel). In the example ofFIG. 4 a, an authorization level of 4 is required to wipe the IT policy, but an authorization level of only 0 is required to wipe PIM/message data. Thus, for example, if the authorization level indicated in the command is a 4, then according to the IT policy, all data that requires an authorization level of 4 or less may be wiped, which in the above example includes all data types listed above. If the authorization level indicated is zero, then only that data capable of being wiped with that level of authorization (here, PIM/message data and third-party applications) will be wiped. The types of data to be wiped are indicated in the flag. - An example of a
flag 370 is shown inFIG. 5 . Theflag 370 comprises a number of subset values correlating to each of the data types stored at theclient device FIG. 5 , the two most significant bits correspond to a first data type, here labelled as A01; with reference toFIG. 3 , it can be seen that these bits thus correspond tooperating system data 301. The remaining pairs of bits, from most to least significant, thus correspond tokey data 302, PIM/messaging applications 305, third-party applications 306, PIM/messaging data310-312, user-entered data313, andIT policies 315. - In this embodiment, a value of 11 for a pair of bits indicates that the corresponding data type is flagged for wiping. In the example of
FIG. 5 , the bit pairs corresponding to third-party applications 306, PIM/message data310-312, and user-entered data313 have a value of 11. It will be appreciated that theflag 370 does not require two bits for each type of data; for example, theflag 370 may allocate only one bit per data type, or may have whatever format is suitable for the implementation on theclient device client device - The execution of the wipe command at
step 530 will now be described in detail. In a first embodiment, shown inFIG. 7 a, theclient device flag 370 in turn. Theclient device flag 370 atstep 532. The process may start either with the most significant values or the least significant values. If the device determines that it has reached the end of the flag atstep 534, then the flag is reset to a zero value atstep 540, indicating that the wipe command execution has been completed. If the end of the flag has not yet been reached, then thedevice step 538 theclient device FIG. 3 , and deletes the data. The process then returns to step532 to check the next subset. - In a second embodiment of the execution of the wipe command, shown in
FIG. 7 b, the wipe process is similar, but the subset values in theflag 370 are reset as the corresponding data is deleted. Theclient device flag 370 atstep 542. The process may start either with the most significant values or the least significant values. If the device determines that it has reached the end of the flag atstep 544, then the process ends. If the end of the flag has not yet been reached, then thedevice step 546. If the subset value does not indicate that the corresponding data type is to be wiped, the process returns to step542. If the subset value indicates that the data type is to be wiped, then atstep 548 theclient device FIG. 3 , and deletes the data. The subset value is then reset (i.e., overwritten with a 00 value) atstep 550. The process then returns to step542 to check the next subset. It will be appreciated that in either of the foregoing embodiments, the client device may encrypt, rather than delete, the data, or may encrypt the data prior to deleting it. In any event, the data identified by theflag 370 is secured from unauthorized access by either deletion or encryption. - In an alternate embodiment, the rules recorded in the IT policy comprise preconfigured sets of data types that may be wiped by users or administrators of each authorization level. Rather than assigning the ability to wipe a given data type to a minimum authorization level as described with reference to
FIG. 4 aabove, theclient device FIG. 4 b, in the alternate embodiment theIT policy 361 may comprise at least one rule such as DataWipeAuthLevel0=000000000000000. This rule assigns a flag value of 0000000000000000 to an authorization level corresponding to 0; for example, the authorization level of a typical user. This user is not authorized to issue a wipe command that wipes any data at theclient device client device authorization level 0 were logged into the device, then either the wipe command would be disabled on thedevice FIG. 4 bmay be interpreted in the same manner as those provided in the example ofFIG. 5 , described above; that is to say, beginning with the most significant pair, the pairs of bits in the flag correspond to theoperating system data 301,key data 302, PIM/messaging applications 305, third-party applications 306, PIM/messaging data310-312, user-entered data313, andIT policies 315. Again, it will be appreciated that the flag values, when implemented on theclient device IT policy 361 may comprise a set of directives for encrypting, in addition to or in place of wiping, the data, as described above. - In the example of
FIG. 4 b, further rules are provided for the user/administration authorization levels client device IT policy 361 such that if a rule for a given authorization level is missing from theIT policy 361, then the rule in effect for the next available lower authorization level is enforced for that missing authorization level. Thus, in this example, a wipe command issued by a user/administrator with an authorization level of 3 would be governed by the DataWipeAuthLevel2=00000011111100 rule. It can be seen that in this particular example, which is not intended to be limiting concerning the formatting of rules or flag values, only those users/administrators with an authorization level of 3 are capable of issuing a wipe command that will wipe theIT policy data 315 and thekey data 302. It will be appreciated that the execution of the wipe command will generally follow the same process as that described in respect ofFIG. 4 a. When theuser device step 520 ofFIG. 6 , it will locate the appropriate rule in theIT policy 361 according to the authorization level indicator detected in the received wipe command; then, if the value provided in the rule is in the appropriate format, theclient device step 530. - It will be appreciated that this information need not be contained in a single IT policy file stored at the
client device server 40. Also, the ability of an administrator or user to add or remove data types to each rule may be determined by the administrator's or user's authorization level. For example, an administrator with an authorization level of 4 may be able to access server functions to designate which authorization levels up to and including level 4 may issue a command to wipe which data types. An administrator with an authorization level of 3 would thus lack sufficient permission to alter the wipe data types or wipe permissions (that is, the data types for which a person at a given authorization level is permitted issue a wipe command to aclient device 10,100) for a level 4 administrator, but would be capable of altering the wipe permissions for an administrator oflevel - However, in order to ensure that a lower-level administrator does not add the ability to wipe highly sensitive data, such as encryption
key data 302, when the intention is to restrict that ability to only the highest of authorization levels, the available data categories that are configurable by each administrator/user level may be cascaded. Turning toFIG. 9 a, an example of anadministrative interface 700, such as a dialog box that may be displayed at theserver 40 for configuring the various authorization-wipe rules for theIT policy 361, is shown. Each level of administrator/user, with the exception of the highest level of authorization, is provided with access to modify only the wipe permissions for lower authorization levels; but the ability to modify the wipe permissions for those lower authorization levels is determined by the permissions granted to the authorization level currently logged into theserver 40. InFIG. 9 a, for example, an administrator of authorization level 3 is logged in; because only an administrator of authorization level 4 is provided authority by the server functions to alter the authorization level 3 wipe permissions, the checkboxes for selecting data types wipable by administrators of authorization levels 3 and 4 are not alterable, as can be seen by the formatting of the headings “3” and “4” in theinterface 700, and the dashed lines in the checkboxes under those headings. The administrator currently logged into the server in this example is able to make certain changes to the wipe permissions ofauthorization levels FIG. 9 a, the currently logged-in administrator has permission to wipe message data, calendar data, address book data, user-created data, and third-party applications, but not PIM/messaging applications, encryption keys, or IT policies, and is therefore presented with a set of configuration options enabling the logged-in administrator to configure security operations such as wiping and/or encryption for users and administrators having a lower authorization level. Thus, the selection boxes for PIM/messaging applications, encryption keys, and IT policies are disabled (as illustrated inFIG. 9 a, with dashed lines) for all levels of authorization. - In the example of
FIG. 9 b, an administrator with authorization level 4 is logged in; therefore, all selections are available to the currently-logged in administrator, as depicted by the solid-line checkboxes and formatting of theexample interface 710. In this embodiment, the currently-logged in administrator may alter the wipe permissions for its own level, 4, without any effect on the permissions that this level of administrator may grant to other levels. In the example ofFIG. 9 b, this administrator has chosen to remove its own permission to wipe user-created data on theclient device checkbox 711. However, this administrator is still able to alter the wipe permissions for the same category of data for all other levels. Further, in this example ofFIG. 9 b, the level 4 administrator has further disabled the level 4 administrator's wipe permission in relation to address book data as can be seen at theselection box 713, but thelevel 2 and 3 administrators or users are still provided with permission to wipe that data category. FIG. 9 cdepicts theinterface 720 when a level 3 administrator logs into theserver 40 after the level 4 administrator has made the changes described in relation toFIG. 9 b. As can be seen, the level 3 administrator again lacks the authority to modify its own wipe permissions. However, despite the fact that the level 4 administrator had chosen to disable its own ability to wipe user-created data by deselecting theoption 711, because the level 3 administrator was still provided with permission to wipe that data type, the level 3 administrator may still administer that wipe permission for lower levels of authorization. However, because, as discussed in relation toFIG. 9 b, the level 4 administrator had disabled the level 3 administrator's wipe permission with respect to address book data by deselecting713, the level 3 administrator is now unable to alter the wipe permissions for that data type for the other administration/user levels; this is denoted inFIG. 9 cby the dashed lines of the selection boxes such as722. Because the level 4 administrator had granted thelevel - In this embodiment, after input or alteration of wipe permissions for a user, a new IT policy reflecting the newly configured wipe permissions is constructed at the
server 40 and transmitted to theclient device server 40, the IT policy thus constructed may be applied to each and everyclient device server 40, or to only a subset of those devices. - By defining at the
client device client device server 40 to track the different types of data that are stored on theclient device - In the examples described above, the user's or the administrator's authorization level indicated in the wipe command is associated with a predetermined set of data types to be wiped by the
client device step 530. In a still further embodiment, the authorization level is still associated with a predetermined set of data types that may be the subject of a wipe command issued by that user or administrator, but the user or administrator is also provided with the option of selecting a subset of the predetermined set of data types to be made the subject of a wipe command. Referring toFIG. 8 a, anexemplary user interface 600 at aserver 40 that may be presented to one category of user or administrator, for example a help desk administrator, is shown. Theuser interface 600 comprises a listing of users whose accounts may be administered by the help desk administrator logged into theserver 40. The administrator may select one user, such as theuser 610, and select an option to “Erase Data and Disable Handheld” from a listing of options. The user interface may then comprise a pop-up dialog box, such asdialog box 680, which provides the help desk administrator with a listing of available data types that may be erased, including “Message Data”, “Calendar Data”, “Address Book data”, “Other user-created data”, “PIM/messaging applications”, and “Third-party applications”. However, the further two options shown in thedialog box 680, “Encryption keys” and “IT Policy”, are not available to this help desk administrator as can be seen from the different formatting of these last two options, because this administrator was not provided with sufficient privileges to delete these data types. Thus, the help desk administrator may not select either “Encryption keys” or “IT Policy” to be deleted on a user'sdevice FIG. 8 bshows afurther user interface 600, when theserver 40 is operated by a security administrator with greater privileges than the help desk administrator. In this embodiment, the administrator logged into theserver 40 is authorized to issue a wipe command that includes wiping the encryption keys and IT policy; these options indialog box 690 are, therefore, available to be selected, as can be seen from the formatting in thedialog box 690. In this further embodiment, the wipe command issued from the server may comprise at least one indicator of the type or types of data to be wiped by theclient device client device authentication step 510. It will be appreciated that this embodiment may be implemented at theclient device - The foregoing systems and methods thus provide a means for selectively wiping data at a
client device client device server 40 issuing the wipe command. At either theclient device server 40, the user and/or administrator may be provided with one of a number of authorization levels, which is determined by thedevice server 40, as the case may be, when the individual logs into the device or server. In one embodiment, an IT policy stored at the client device defines the various types of data that may be selected for wiping. - By thus identifying the data to be wiped at the client device on a more “granular” level, according to the wipe command issuer's authorization level, it is possible to avoid the situation where a user deliberately circumvents an IT policy in order to gain access to functions that the user was not intended to use. For example, a user of the
device device device - The systems and methods disclosed herein are presented only by way of example and are not meant to limit the scope of the present disclosure. Other variations of the systems and methods described above will be apparent to those skilled in the art and as such are considered to be within the scope of the present disclosure. For example, it should be understood that steps and the order of the steps in the processing described herein may be altered, modified and/or augmented and still achieve the desired outcome.
- The systems' and methods' data may be stored in one or more data stores. The data stores can be of many different types of storage devices and programming constructs, such as RAM, ROM, flash memory, programming data structures, programming variables, etc. It is noted that data structures describe formats for use in organizing and storing data in databases, programs, memory, or other computer-readable media for use by a computer program.
- Code adapted to provide the systems and methods described above may be provided on many different types of computer-readable media including computer storage mechanisms (e.g., CD-ROM, diskette, RAM, flash memory, computer's hard drive, etc.) that contain instructions for use in execution by a processor to perform the methods' operations and implement the systems described herein.
- The computer components, software modules, functions and data structures described herein may be connected directly or indirectly to each other in order to allow the flow of data needed for their operations. It is also noted that a module or processor includes but is not limited to a unit of code that performs a software operation, and can be implemented for example as a subroutine unit of code, or as a software function unit of code, or as an object (as in an object-oriented paradigm), or as an applet, or in a computer script language, or as another type of computer code.
- A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by any one of the patent document or patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyrights whatsoever.
Claims (26)
1. A method for selectively securing data from unauthorized access on a client device storing a plurality of data types, the method comprising:
receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command;
determining which of a plurality of data types is to be secured by identifying a predefined rule associated with the authorization level indicated in the received command, wherein the client device is provided with a plurality of predefined rules each associated with one of a plurality of authorization levels, each of the predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and
securing the data of the data types indicated by the value comprised in the identified predefined rule.
2. The method ofclaim 1 , wherein determining which of a plurality of data types is to be secured further comprises, when a predefined rule associated with the authorization level indicated in the received command is not found, identifying a predefined rule associated with the next highest authorization level that is lower than the indicated authorization level.
3. The method ofclaim 2 , wherein the plurality of predefined rules is stored at the client device in association with an IT policy.
4. The method ofclaim 2 , wherein securing the data further comprises:
setting a flag at the client device, the flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured;
in response to the received command, checking each of the subset values of the flag, and carrying out a securing operation if the subset value indicates that the data of that data type is to be secured; and
after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out.
5. The method ofclaim 2 , wherein the act of securing the data comprises one of deleting the data; encrypting the data; or encrypting, then deleting, the data.
6. The method ofclaim 5 , wherein the securing operation comprises one of deleting the data of that data type; encrypting the data of that data type; or encrypting, then deleting, the data of that data type.
7. The method ofclaim 2 , wherein the command is received in an encrypted message, and prior to securing the data the command is authenticated by decrypting the message and extracting the command, such that the command is authenticated if the command is extracted successfully.
8. The method ofclaim 2 wherein the client device comprises a mobile communications device.
9. The method ofclaim 8 wherein the command is received over the air.
10. The method ofclaim 2 wherein the command is received from input at the client device, or is invoked in response to detection of a predetermined action, condition or trigger for the execution of the command at the client device.
11. The method ofclaim 2 , further comprising, prior to receiving the command at the client device:
defining, at a location remote from the client device, a plurality of predefined rules associated with an authorization level; and
transmitting to the client device the plurality of predefined rules thus defined.
12. The method ofclaim 11 , wherein defining the plurality of predefined rules comprises:
for a given authorization level,
presenting a set of configuration options for configuring securing operations for each of the plurality of data types for authorization levels lower than the given authorization level; and
constructing a plurality of rules comprising selected configuration options.
13. The method ofclaim 2 , wherein the data types comprise at least one of an operating system, encryption and decryption keys, personal information management applications, messaging applications, e-mail data, short message service data, instant messaging data, multimedia message data, voicemail data, calendar data, address book data, or IT policies.
14. The method ofclaim 10 , wherein the predetermined action, condition, or trigger comprises receipt at the client device of an incorrect password a predetermined number of times.
15. A computer readable memory having recorded thereon statements and instructions for execution by a computer to:
receive a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command;
determine which of a plurality of data types is to be secured by identifying a predefined rule associated with the authorization level indicated in the received command, wherein the client device is provided with a plurality of predefined rules each associated with one of a plurality of authorization levels, each of the predefined rules comprising a value indicating each of the plurality of data types to be secured in response to a received command; and
secure the data of the data types indicated by the value comprised in the identified predefined rule.
16. A method for selectively securing data from unauthorized access on a client device storing a plurality of data types, the method comprising:
receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command;
determining which of the plurality of data types is to be secured by identifying each of a plurality of predefined rules comprising an indicator of an authorization level equal to or less than the authorization level indicated in the received command, each of the plurality of predefined rules being associated with one of the plurality of data types; and
securing only the data corresponding to each of the plurality of data types associated with the predefined rules thus identified.
17. The method ofclaim 16 , wherein securing the data further comprises:
setting a flag at the client device, the flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured;
in response to the received command, checking each of the subset values of the flag, and carrying out a securing operation if the subset value indicates that the data of that data type is to be secured; and
after each of the subset values has been checked, resetting the subset values to indicate that no further securing operation is to be carried out.
18. The method ofclaim 16 , wherein the act of securing the data comprises one of deleting the data; encrypting the data; or encrypting, then deleting, the data.
19. The method ofclaim 16 wherein the client device comprises a mobile communications device.
20. A computer readable memory having recorded thereon statements and instructions for execution by a computer to:
receive a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command;
determine which of the plurality of data types is to be secured by identifying each of a plurality of predefined rules comprising an indicator of an authorization level equal to or less than the authorization level indicated in the received command, each of the plurality of predefined rules being associated with one of the plurality of data types; and
secure only the data corresponding to each of the plurality of data types associated with the predefined rules thus identified.
21. A mobile client device for selectively securing data from unauthorized access on the client device storing a plurality of data types, the device comprising:
a processor;
a memory storing data comprising at least one of a plurality of data types; and
a receiver operatively connected to the processor for receiving a command at the client device, the command comprising an indicator of an authorization level, wherein the authorization level is associated with an issuer of the command;
wherein the processor is configured to determine, using at least one predefined rule associated with the authorization level indicated by the authorization level indicator, which of a plurality of data types is to be secured and to secure the data stored in the memory corresponding to each of the plurality of data types thus determined.
22. The mobile client device ofclaim 21 , wherein each of the predefined rules is associated with one of a plurality of authorization levels, and each of the predefined rules comprises a value indicating each of the plurality of data types to be secured in response to a received command, and wherein the processor is further configured to identify the predefined rule associated with the authorization level indicated in the received command, and to secure only those data types indicated by the value comprised in the identified predefined rule.
23. The mobile client device ofclaim 21 , further comprising a memory for storing a flag comprising a subset value for each of the plurality of data types, the subset value indicating whether the data of that data type is to be secured, the processor being further configured to:
set the flag;
in response to the received command, check each of the subset values of the flag, and carry out a securing operation if the subset value indicates that the data of that data type is to be secured; and
after each of the subset values has been checked, reset the subset values to indicate that no further securing operation is to be carried out.
24. The mobile client device ofclaim 21 , wherein the processor is configured to secure the data by deleting the data corresponding to each of the plurality of data types thus determined from the memory.
25. The mobile client device ofclaim 21 , wherein the processor is configured to secure the data by encrypting the data corresponding to each of the plurality of data types thus determined in the memory.
26. The mobile client device ofclaim 21 , wherein the command is received in an encrypted message, and the processor is configured to decrypt the message and extract the command, such that the command is authenticated if the command is extracted successfully.
Priority Applications (7)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US12/016,723US8056143B2 (en) | 2007-01-19 | 2008-01-18 | Selectively wiping a remote device |
| US13/245,061US9100413B2 (en) | 2007-01-19 | 2011-09-26 | Selectively wiping a remote device |
| US13/768,902US9106670B2 (en) | 2007-01-19 | 2013-02-15 | Selectively wiping a remote device |
| US14/816,271US9652629B2 (en) | 2007-01-19 | 2015-08-03 | Selectively wiping a remote device |
| US15/475,901US10162983B2 (en) | 2007-01-19 | 2017-03-31 | Selectively wiping a remote device |
| US16/187,065US10540520B2 (en) | 2007-01-19 | 2018-11-12 | Selectively wiping a remote device |
| US16/561,132US11030338B2 (en) | 2007-01-19 | 2019-09-05 | Selectively wiping a remote device |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US88579607P | 2007-01-19 | 2007-01-19 | |
| US12/016,723US8056143B2 (en) | 2007-01-19 | 2008-01-18 | Selectively wiping a remote device |
Related Child Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US13/245,061ContinuationUS9100413B2 (en) | 2007-01-19 | 2011-09-26 | Selectively wiping a remote device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| US20080178300A1true US20080178300A1 (en) | 2008-07-24 |
| US8056143B2 US8056143B2 (en) | 2011-11-08 |
Family
ID=39635606
Family Applications (7)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US12/016,723Active2030-09-09US8056143B2 (en) | 2007-01-19 | 2008-01-18 | Selectively wiping a remote device |
| US13/245,061Active2028-02-13US9100413B2 (en) | 2007-01-19 | 2011-09-26 | Selectively wiping a remote device |
| US13/768,902ActiveUS9106670B2 (en) | 2007-01-19 | 2013-02-15 | Selectively wiping a remote device |
| US14/816,271ActiveUS9652629B2 (en) | 2007-01-19 | 2015-08-03 | Selectively wiping a remote device |
| US15/475,901ActiveUS10162983B2 (en) | 2007-01-19 | 2017-03-31 | Selectively wiping a remote device |
| US16/187,065ActiveUS10540520B2 (en) | 2007-01-19 | 2018-11-12 | Selectively wiping a remote device |
| US16/561,132ActiveUS11030338B2 (en) | 2007-01-19 | 2019-09-05 | Selectively wiping a remote device |
Family Applications After (6)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US13/245,061Active2028-02-13US9100413B2 (en) | 2007-01-19 | 2011-09-26 | Selectively wiping a remote device |
| US13/768,902ActiveUS9106670B2 (en) | 2007-01-19 | 2013-02-15 | Selectively wiping a remote device |
| US14/816,271ActiveUS9652629B2 (en) | 2007-01-19 | 2015-08-03 | Selectively wiping a remote device |
| US15/475,901ActiveUS10162983B2 (en) | 2007-01-19 | 2017-03-31 | Selectively wiping a remote device |
| US16/187,065ActiveUS10540520B2 (en) | 2007-01-19 | 2018-11-12 | Selectively wiping a remote device |
| US16/561,132ActiveUS11030338B2 (en) | 2007-01-19 | 2019-09-05 | Selectively wiping a remote device |
Country Status (4)
| Country | Link |
|---|---|
| US (7) | US8056143B2 (en) |
| EP (2) | EP2122531B1 (en) |
| CA (1) | CA2676289C (en) |
| WO (1) | WO2008086611A1 (en) |
Cited By (102)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080109370A1 (en)* | 2006-05-25 | 2008-05-08 | Moshir Kevin K | Extraction of information from e-mails and delivery to mobile phones, system and method |
| US20080133930A1 (en)* | 2006-05-25 | 2008-06-05 | Moshir Kevin K | Methods to authenticate access and alarm as to proximity to location |
| US20080167060A1 (en)* | 2006-05-25 | 2008-07-10 | Sean Moshir | Distribution of lottery tickets through mobile devices |
| US20080214111A1 (en)* | 2007-03-02 | 2008-09-04 | Celltrust Corporation | Lost phone alarm system and method |
| US20090265552A1 (en)* | 2008-03-28 | 2009-10-22 | Celltrust Corporation | Systems and methods for secure short messaging service and multimedia messaging service |
| US20090328130A1 (en)* | 2008-06-26 | 2009-12-31 | Microsoft Corporation | Policy-based secure information disclosure |
| US20100299152A1 (en)* | 2009-05-20 | 2010-11-25 | Mobile Iron, Inc. | Selective Management of Mobile Devices in an Enterprise Environment |
| US20110151903A1 (en)* | 2006-05-25 | 2011-06-23 | Celltrust Corporation | Secure mobile information management system and method |
| US20120047368A1 (en)* | 2010-08-20 | 2012-02-23 | Apple Inc. | Authenticating a multiple interface device on an enumerated bus |
| US20120079603A1 (en)* | 2007-01-19 | 2012-03-29 | Research In Motion Limited | Selectively wiping a remote device |
| US20120238206A1 (en)* | 2011-03-14 | 2012-09-20 | Research In Motion Limited | Communications device providing near field communication (nfc) secure element disabling features related methods |
| US8280359B2 (en) | 2006-05-25 | 2012-10-02 | Celltrust Corporation | Methods of authorizing actions |
| CN102782645A (en)* | 2009-12-21 | 2012-11-14 | 惠普发展公司,有限责任合伙企业 | Removing an active application from a remote device |
| JP2012530387A (en)* | 2009-06-10 | 2012-11-29 | クアルコム,インコーポレイテッド | Alarm activated by user for communication device |
| US20130074142A1 (en)* | 2011-09-15 | 2013-03-21 | Microsoft Corporation | Securing data usage in computing devices |
| US20130111598A1 (en)* | 2011-11-02 | 2013-05-02 | Research In Motion Limted | Mobile communications device providing secure element data wiping features and related methods |
| US20140099922A1 (en)* | 2012-10-09 | 2014-04-10 | Cellco Partnership D/B/A Verizon Wireless | Interface for synchronizing automated replies between different messaging systems |
| US20150024711A1 (en)* | 2013-07-19 | 2015-01-22 | James A. STOB | Method and system for compiling map data |
| US20150039738A1 (en)* | 2013-07-30 | 2015-02-05 | Dropbox, Inc. | Techniques for managing unsynchronized content items at unlinked devices |
| US20150089611A1 (en)* | 2012-09-24 | 2015-03-26 | Claremont Speede | Mobile sender controlled data access and data deletion method and system |
| US20150095975A1 (en)* | 2012-10-15 | 2015-04-02 | Citrix Systems, Inc. | Configuring and Providing Profiles that Manage Execution of Mobile Applications |
| US9143910B2 (en)* | 2011-09-30 | 2015-09-22 | Blackberry Limited | Method and system for remote wipe through voice mail |
| US20160042620A1 (en)* | 2013-03-08 | 2016-02-11 | Rtf Research & Technologies Inc. | System, method and computer readable medium for managing mobile devices |
| US20160042192A1 (en)* | 2011-02-28 | 2016-02-11 | Ricoh Company, Ltd. | Electronic Meeting Management For Mobile Wireless Devices With Post Meeting Processing |
| US9286604B2 (en) | 2008-09-22 | 2016-03-15 | Visa International Service Association | Over the air management of payment application installed in mobile device |
| US9521147B2 (en) | 2011-10-11 | 2016-12-13 | Citrix Systems, Inc. | Policy based application management |
| US9521117B2 (en) | 2012-10-15 | 2016-12-13 | Citrix Systems, Inc. | Providing virtualized private network tunnels |
| US9529996B2 (en) | 2011-10-11 | 2016-12-27 | Citrix Systems, Inc. | Controlling mobile device access to enterprise resources |
| EP3116250A1 (en)* | 2009-01-28 | 2017-01-11 | Headwater Partners I LLC | Push messaging with secure agents ids |
| US9557889B2 (en) | 2009-01-28 | 2017-01-31 | Headwater Partners I Llc | Service plan design, user interfaces, application programming interfaces, and device management |
| US9571559B2 (en) | 2009-01-28 | 2017-02-14 | Headwater Partners I Llc | Enhanced curfew and protection associated with a device group |
| US9572033B2 (en) | 2006-05-25 | 2017-02-14 | Celltrust Corporation | Systems and methods for encrypted mobile voice communications |
| US9572019B2 (en) | 2009-01-28 | 2017-02-14 | Headwater Partners LLC | Service selection set published to device agent with on-device service selection |
| US9578182B2 (en) | 2009-01-28 | 2017-02-21 | Headwater Partners I Llc | Mobile device and service management |
| US9591474B2 (en) | 2009-01-28 | 2017-03-07 | Headwater Partners I Llc | Adapting network policies based on device service processor configuration |
| US9602474B2 (en) | 2012-10-16 | 2017-03-21 | Citrix Systems, Inc. | Controlling mobile device access to secure data |
| US9609510B2 (en) | 2009-01-28 | 2017-03-28 | Headwater Research Llc | Automated credential porting for mobile devices |
| US9606774B2 (en) | 2012-10-16 | 2017-03-28 | Citrix Systems, Inc. | Wrapping an application with field-programmable business logic |
| US20170116212A1 (en)* | 2010-11-05 | 2017-04-27 | Atc Logistics & Electronics, Inc. | System and method for systematically removing customer personal information from an electronic device |
| US20170118246A1 (en)* | 2015-10-27 | 2017-04-27 | Airwatch Llc | Detection of offline attempts to circumvent security policies |
| US9647918B2 (en) | 2009-01-28 | 2017-05-09 | Headwater Research Llc | Mobile device and method attributing media services network usage to requesting application |
| US9665576B2 (en) | 2012-05-14 | 2017-05-30 | International Business Machines Corporation | Controlling enterprise data on mobile device via the use of a tag index |
| US9663226B2 (en) | 2015-03-27 | 2017-05-30 | Amazon Technologies, Inc. | Influencing acceptance of messages in unmanned vehicles |
| US9674731B2 (en) | 2009-01-28 | 2017-06-06 | Headwater Research Llc | Wireless device applying different background data traffic policies to different device applications |
| US9706061B2 (en) | 2009-01-28 | 2017-07-11 | Headwater Partners I Llc | Service design center for device assisted services |
| US9705771B2 (en) | 2009-01-28 | 2017-07-11 | Headwater Partners I Llc | Attribution of mobile device data traffic to end-user application based on socket flows |
| US9714088B2 (en) | 2015-03-27 | 2017-07-25 | Amazon Technologies, Inc. | Unmanned vehicle rollback |
| US9769207B2 (en) | 2009-01-28 | 2017-09-19 | Headwater Research Llc | Wireless network service interfaces |
| US9774658B2 (en) | 2012-10-12 | 2017-09-26 | Citrix Systems, Inc. | Orchestration framework for connected devices |
| US9819808B2 (en) | 2009-01-28 | 2017-11-14 | Headwater Research Llc | Hierarchical service policies for creating service usage data records for a wireless end-user device |
| US9848081B2 (en) | 2006-05-25 | 2017-12-19 | Celltrust Corporation | Dissemination of real estate information through text messaging |
| US9854063B2 (en) | 2012-10-12 | 2017-12-26 | Citrix Systems, Inc. | Enterprise application store for an orchestration framework for connected devices |
| US9912655B2 (en) | 2015-03-27 | 2018-03-06 | Amazon Technologies, Inc. | Unmanned vehicle message exchange |
| US9930027B2 (en)* | 2015-03-27 | 2018-03-27 | Amazon Technologies, Inc. | Authenticated messages between unmanned vehicles |
| US9942796B2 (en) | 2009-01-28 | 2018-04-10 | Headwater Research Llc | Quality of service for device assisted services |
| US9948657B2 (en) | 2013-03-29 | 2018-04-17 | Citrix Systems, Inc. | Providing an enterprise application store |
| US9955332B2 (en) | 2009-01-28 | 2018-04-24 | Headwater Research Llc | Method for child wireless device activation to subscriber account of a master wireless device |
| US9954975B2 (en) | 2009-01-28 | 2018-04-24 | Headwater Research Llc | Enhanced curfew and protection associated with a device group |
| US9971585B2 (en) | 2012-10-16 | 2018-05-15 | Citrix Systems, Inc. | Wrapping unmanaged applications on a mobile device |
| US9973930B2 (en) | 2009-01-28 | 2018-05-15 | Headwater Research Llc | End user device that secures an association of application to service policy with an application certificate check |
| US9980146B2 (en) | 2009-01-28 | 2018-05-22 | Headwater Research Llc | Communications device with secure data path processing agents |
| US9985850B2 (en) | 2013-03-29 | 2018-05-29 | Citrix Systems, Inc. | Providing mobile device management functionalities |
| US9986413B2 (en) | 2009-01-28 | 2018-05-29 | Headwater Research Llc | Enhanced roaming services and converged carrier networks with device assisted services and a proxy |
| US10057141B2 (en) | 2009-01-28 | 2018-08-21 | Headwater Research Llc | Proxy system and method for adaptive ambient services |
| US10057775B2 (en) | 2009-01-28 | 2018-08-21 | Headwater Research Llc | Virtualized policy and charging system |
| US10064033B2 (en) | 2009-01-28 | 2018-08-28 | Headwater Research Llc | Device group partitions and settlement platform |
| US10064055B2 (en) | 2009-01-28 | 2018-08-28 | Headwater Research Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
| US10070305B2 (en) | 2009-01-28 | 2018-09-04 | Headwater Research Llc | Device assisted services install |
| US10080250B2 (en) | 2009-01-28 | 2018-09-18 | Headwater Research Llc | Enterprise access control and accounting allocation for access networks |
| US10097584B2 (en) | 2013-03-29 | 2018-10-09 | Citrix Systems, Inc. | Providing a managed browser |
| US10200541B2 (en) | 2009-01-28 | 2019-02-05 | Headwater Research Llc | Wireless end-user device with divided user space/kernel space traffic policy system |
| US10237757B2 (en) | 2009-01-28 | 2019-03-19 | Headwater Research Llc | System and method for wireless network offloading |
| US10248996B2 (en) | 2009-01-28 | 2019-04-02 | Headwater Research Llc | Method for operating a wireless end-user device mobile payment agent |
| US10264138B2 (en) | 2009-01-28 | 2019-04-16 | Headwater Research Llc | Mobile device and service management |
| US10284627B2 (en) | 2013-03-29 | 2019-05-07 | Citrix Systems, Inc. | Data management for an application with multiple operation modes |
| US10326800B2 (en) | 2009-01-28 | 2019-06-18 | Headwater Research Llc | Wireless network service interfaces |
| US10476885B2 (en) | 2013-03-29 | 2019-11-12 | Citrix Systems, Inc. | Application with multiple operation modes |
| US10484362B2 (en)* | 2015-11-30 | 2019-11-19 | Richoh Company, Ltd. | Information processing apparatus, access control method, and recording medium storing access control program |
| US10492102B2 (en) | 2009-01-28 | 2019-11-26 | Headwater Research Llc | Intermediate networking devices |
| US10715342B2 (en) | 2009-01-28 | 2020-07-14 | Headwater Research Llc | Managing service user discovery and service launch object placement on a device |
| US10779177B2 (en) | 2009-01-28 | 2020-09-15 | Headwater Research Llc | Device group partitions and settlement platform |
| US10783581B2 (en) | 2009-01-28 | 2020-09-22 | Headwater Research Llc | Wireless end-user device providing ambient or sponsored services |
| US10789594B2 (en) | 2013-01-31 | 2020-09-29 | Moshir Vantures, Limited, LLC | Method and system to intelligently assess and mitigate security risks on a mobile device |
| US10798252B2 (en) | 2009-01-28 | 2020-10-06 | Headwater Research Llc | System and method for providing user notifications |
| US10831388B2 (en)* | 2019-02-15 | 2020-11-10 | International Business Machines Corporation | Selective data destruction via a sanitizing wipe command |
| US10841839B2 (en) | 2009-01-28 | 2020-11-17 | Headwater Research Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
| US10908896B2 (en) | 2012-10-16 | 2021-02-02 | Citrix Systems, Inc. | Application wrapping for application management framework |
| US11093165B2 (en)* | 2018-09-03 | 2021-08-17 | Dynamic Lifecycle Innovations, Inc. | Systems and methods for data sanitization of electronic storage media |
| US11218854B2 (en) | 2009-01-28 | 2022-01-04 | Headwater Research Llc | Service plan design, user interfaces, application programming interfaces, and device management |
| US20220012346A1 (en)* | 2013-09-13 | 2022-01-13 | Vmware, Inc. | Risk assessment for managed client devices |
| US11388172B2 (en)* | 2019-08-07 | 2022-07-12 | Microsoft Technology Licensing, Llc | Cleared user facilitation and control system |
| US20220231996A1 (en)* | 2018-12-04 | 2022-07-21 | Journey.ai | Sourcing information for a zero-knowledge data management network |
| US11412366B2 (en) | 2009-01-28 | 2022-08-09 | Headwater Research Llc | Enhanced roaming services and converged carrier networks with device assisted services and a proxy |
| US20220405405A1 (en)* | 2018-10-30 | 2022-12-22 | Jason Allen Rexilius | Systems and methods for secure peripherals |
| US11966464B2 (en) | 2009-01-28 | 2024-04-23 | Headwater Research Llc | Security techniques for device assisted services |
| US11973804B2 (en) | 2009-01-28 | 2024-04-30 | Headwater Research Llc | Network service plan design |
| US11985155B2 (en) | 2009-01-28 | 2024-05-14 | Headwater Research Llc | Communications device with secure data path processing agents |
| US12137004B2 (en) | 2009-01-28 | 2024-11-05 | Headwater Research Llc | Device group partitions and settlement platform |
| US12294587B2 (en)* | 2023-04-18 | 2025-05-06 | Dell Products L.P. | System and method for enforcing a security framework for high-risk operations |
| US12389218B2 (en) | 2009-01-28 | 2025-08-12 | Headwater Research Llc | Service selection set publishing to device agent with on-device service selection |
| US12388810B2 (en) | 2009-01-28 | 2025-08-12 | Headwater Research Llc | End user device that secures an association of application to service policy with an application certificate check |
| US12432130B2 (en) | 2009-01-28 | 2025-09-30 | Headwater Research Llc | Flow tagging for service policy implementation |
Families Citing this family (47)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010011180A1 (en)* | 2008-07-25 | 2010-01-28 | Resolvo Systems Pte Ltd | Method and system for securing against leakage of source code |
| US8555015B2 (en)* | 2008-10-23 | 2013-10-08 | Maxim Integrated Products, Inc. | Multi-layer content protecting microcontroller |
| US8773687B2 (en)* | 2009-03-06 | 2014-07-08 | Ricoh Company, Ltd. | Driverless architecture for printing systems |
| NO20091865L (en)* | 2009-05-12 | 2010-11-15 | Lapback As | Systems, methods and devices for managing multiple mobile devices |
| WO2011070393A1 (en)* | 2009-12-07 | 2011-06-16 | Nokia Corporation | Preservation of user data privacy in a network |
| WO2011091538A1 (en)* | 2010-01-29 | 2011-08-04 | Watermark Data Solutions Ltd. | Method, device and system for remote access of a mobile device |
| US8473743B2 (en) | 2010-04-07 | 2013-06-25 | Apple Inc. | Mobile device management |
| US8495296B2 (en)* | 2010-05-18 | 2013-07-23 | International Business Machines Corporation | System and method for optimizing data remanence over hubrid disk clusters using various storage technologies |
| US8552833B2 (en)* | 2010-06-10 | 2013-10-08 | Ricoh Company, Ltd. | Security system for managing information on mobile wireless devices |
| US8712432B2 (en)* | 2010-07-01 | 2014-04-29 | Absolute Software Corporation | Method and system for tracking mobile electronic devices while conserving cellular network resources |
| US8495753B2 (en) | 2010-09-16 | 2013-07-23 | Ricoh Company, Ltd. | Electronic meeting management system for mobile wireless devices |
| US8874935B2 (en) | 2011-08-30 | 2014-10-28 | Microsoft Corporation | Sector map-based rapid data encryption policy compliance |
| US20130347054A1 (en) | 2012-06-20 | 2013-12-26 | Tetsuro Motoyama | Approach For Managing Access To Data On Client Devices |
| US20140040979A1 (en) | 2011-10-11 | 2014-02-06 | Citrix Systems, Inc. | Policy-Based Application Management |
| US9043480B2 (en) | 2011-10-11 | 2015-05-26 | Citrix Systems, Inc. | Policy-based application management |
| US9215225B2 (en) | 2013-03-29 | 2015-12-15 | Citrix Systems, Inc. | Mobile device locking with context |
| US11475105B2 (en) | 2011-12-09 | 2022-10-18 | Rightquestion, Llc | Authentication translation |
| US9294452B1 (en) | 2011-12-09 | 2016-03-22 | Rightquestion, Llc | Authentication translation |
| WO2013130555A2 (en) | 2012-02-29 | 2013-09-06 | Good Technology Corporation | Method of operating a computing device, computing device and computer program |
| EP2820585B1 (en) | 2012-02-29 | 2019-04-10 | BlackBerry Limited | Method of operating a computing device, computing device and computer program |
| EP2820793B1 (en)* | 2012-02-29 | 2018-07-04 | BlackBerry Limited | Method of operating a computing device, computing device and computer program |
| US8732792B2 (en) | 2012-06-20 | 2014-05-20 | Ricoh Company, Ltd. | Approach for managing access to data on client devices |
| US9213805B2 (en) | 2012-06-20 | 2015-12-15 | Ricoh Company, Ltd. | Approach for managing access to data on client devices |
| US9516022B2 (en) | 2012-10-14 | 2016-12-06 | Getgo, Inc. | Automated meeting room |
| US20140109171A1 (en) | 2012-10-15 | 2014-04-17 | Citrix Systems, Inc. | Providing Virtualized Private Network tunnels |
| US8813179B1 (en) | 2013-03-29 | 2014-08-19 | Citrix Systems, Inc. | Providing mobile device management functionalities |
| US9455886B2 (en) | 2013-03-29 | 2016-09-27 | Citrix Systems, Inc. | Providing mobile device management functionalities |
| US8910264B2 (en) | 2013-03-29 | 2014-12-09 | Citrix Systems, Inc. | Providing mobile device management functionalities |
| US20140344570A1 (en) | 2013-05-20 | 2014-11-20 | Microsoft Corporation | Data Protection For Organizations On Computing Devices |
| US9380077B2 (en) | 2013-08-08 | 2016-06-28 | Iboss, Inc. | Switching between networks |
| US8910263B1 (en) | 2013-09-17 | 2014-12-09 | Iboss, Inc. | Mobile device management profile distribution |
| WO2015131204A1 (en)* | 2014-02-28 | 2015-09-03 | Wiper Inc. | System method and apparatus for communication elimination |
| US10615967B2 (en) | 2014-03-20 | 2020-04-07 | Microsoft Technology Licensing, Llc | Rapid data protection for storage devices |
| US9455976B2 (en) | 2014-06-03 | 2016-09-27 | Globalfoundries Inc. | Multi-factor secure appliance decommissioning |
| US20150358353A1 (en)* | 2014-06-06 | 2015-12-10 | Microsoft Corporation | Enhanced selective wipe for compromised devices |
| US9825945B2 (en) | 2014-09-09 | 2017-11-21 | Microsoft Technology Licensing, Llc | Preserving data protection with policy |
| US9853812B2 (en) | 2014-09-17 | 2017-12-26 | Microsoft Technology Licensing, Llc | Secure key management for roaming protected content |
| US9900295B2 (en) | 2014-11-05 | 2018-02-20 | Microsoft Technology Licensing, Llc | Roaming content wipe actions across devices |
| US9727378B2 (en) | 2015-01-21 | 2017-08-08 | Microsoft Technology Licensing, Llc | Persistent unenrollment for devices under management |
| US9762548B2 (en)* | 2015-03-13 | 2017-09-12 | Western Digital Technologies, Inc. | Controlling encrypted data stored on a remote storage device |
| US10331321B2 (en) | 2015-06-07 | 2019-06-25 | Apple Inc. | Multiple device configuration application |
| US9853820B2 (en) | 2015-06-30 | 2017-12-26 | Microsoft Technology Licensing, Llc | Intelligent deletion of revoked data |
| US9900325B2 (en) | 2015-10-09 | 2018-02-20 | Microsoft Technology Licensing, Llc | Passive encryption of organization data |
| US10671325B2 (en) | 2015-10-28 | 2020-06-02 | International Business Machines Corporation | Selective secure deletion of data in distributed systems and cloud |
| CN109213448B (en)* | 2018-08-30 | 2022-04-05 | 东信和平科技股份有限公司 | Method, device, equipment and storage medium for erasing and writing data of smart card |
| WO2021046637A1 (en)* | 2019-09-09 | 2021-03-18 | BicDroid Inc. | Methods and systems for data self-protection |
| FR3104285B1 (en) | 2019-12-05 | 2022-05-27 | St Microelectronics Grenoble 2 | Memory integrity check |
Citations (41)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4882752A (en)* | 1986-06-25 | 1989-11-21 | Lindman Richard S | Computer security system |
| US5150407A (en)* | 1991-12-16 | 1992-09-22 | Chan Steve S C | Secured data storage devices |
| US5265159A (en)* | 1992-06-23 | 1993-11-23 | Hughes Aircraft Company | Secure file erasure |
| US5748084A (en)* | 1996-11-18 | 1998-05-05 | Isikoff; Jeremy M. | Device security system |
| US5901285A (en)* | 1996-12-18 | 1999-05-04 | Intel Corporation | Hierarchical erasure key protection for computer system data |
| US5987609A (en)* | 1996-10-03 | 1999-11-16 | Kabushiki Kaisha Toshiba | System for remotely securing/locking a stolen wireless device via an Email message |
| US6160873A (en)* | 1998-03-30 | 2000-12-12 | Micro Computer Technology, Inc. | System and method for remotely initializing, operating and monitoring a general-purpose computer |
| US6167519A (en)* | 1991-11-27 | 2000-12-26 | Fujitsu Limited | Secret information protection system |
| US6167253A (en)* | 1995-01-12 | 2000-12-26 | Bell Atlantic Network Services, Inc. | Mobile data/message/electronic mail download system utilizing network-centric protocol such as Java |
| US6236971B1 (en)* | 1994-11-23 | 2001-05-22 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works using digital tickets |
| US6292898B1 (en)* | 1998-02-04 | 2001-09-18 | Spyrus, Inc. | Active erasure of electronically stored data upon tamper detection |
| US20010045884A1 (en)* | 1998-06-17 | 2001-11-29 | Jeff Barrus | Portable computer supporting paging functions |
| US20020002685A1 (en)* | 2000-01-10 | 2002-01-03 | Youngtack Shim | Secure computer |
| US20020066034A1 (en)* | 2000-10-24 | 2002-05-30 | Schlossberg Barry J. | Distributed network security deception system |
| US20020143961A1 (en)* | 2001-03-14 | 2002-10-03 | Siegel Eric Victor | Access control protocol for user profile management |
| US20030097596A1 (en)* | 2001-11-19 | 2003-05-22 | Muratov Alexander Victorovitch | Method and system for protecting data within portable electronic devices |
| US20030149662A1 (en)* | 2000-02-10 | 2003-08-07 | Jon Shore | Apparatus, systems and methods for wirelessly transacting financial transfers , electronically recordable authorization transfers, and other information transfers |
| US20030162555A1 (en)* | 2002-02-26 | 2003-08-28 | Loveland Shawn Domenic | Synchronizing over a number of synchronization mechanisms using flexible rules |
| US20030200454A1 (en)* | 2002-04-18 | 2003-10-23 | International Business Machines Corporation | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
| US20040025053A1 (en)* | 2000-08-09 | 2004-02-05 | Hayward Philip John | Personal data device and protection system and method for storing and protecting personal data |
| US20040124975A1 (en)* | 2002-12-27 | 2004-07-01 | Kabushiki Kaisha Toshiba | Electronic apparatus and data processing method |
| US20040177270A1 (en)* | 2003-02-21 | 2004-09-09 | Little Herbert A. | System and method of multiple-level control of electronic devices |
| US20040181673A1 (en)* | 2003-03-13 | 2004-09-16 | Paul Lin | Method and apparatus for preventing unauthorized access to data and for destroying data upon receiving an unauthorized data access attempt |
| US20050039001A1 (en)* | 2003-07-30 | 2005-02-17 | Microsoft Corporation | Zoned based security administration for data items |
| US20050186954A1 (en)* | 2004-02-20 | 2005-08-25 | Tom Kenney | Systems and methods that provide user and/or network personal data disabling commands for mobile devices |
| US20050278793A1 (en)* | 2000-08-28 | 2005-12-15 | Contentguard Holdings, Inc. | Method and apparatus for providing a specific user interface in a system for managing content |
| US20060236126A1 (en)* | 2005-04-04 | 2006-10-19 | Research In Motion Limited | System and method for deleting confidential information |
| US20060265328A1 (en)* | 2003-07-18 | 2006-11-23 | Global Friendship Inc. | Electronic information management system |
| US20070015490A1 (en)* | 2005-07-14 | 2007-01-18 | Arun Munje | Password methods and systems for use on a mobile device |
| US20070035390A1 (en)* | 2005-08-10 | 2007-02-15 | Theodosios Thomas | Methods, systems, and computer program products for providing context-based, hierarchical security for a mobile device |
| US7197638B1 (en)* | 2000-08-21 | 2007-03-27 | Symantec Corporation | Unified permissions control for remotely and locally stored files whose informational content may be protected by smart-locking and/or bubble-protection |
| US20070094471A1 (en)* | 1998-07-31 | 2007-04-26 | Kom Networks Inc. | Method and system for providing restricted access to a storage medium |
| US20070094463A1 (en)* | 2005-10-25 | 2007-04-26 | Harris Corporation, Corporation Of The State Of Delaware | Mobile wireless communications device providing data management and security features and related methods |
| US7216110B1 (en)* | 1999-10-18 | 2007-05-08 | Stamps.Com | Cryptographic module for secure processing of value-bearing items |
| US20070143839A1 (en)* | 2005-12-15 | 2007-06-21 | Microsoft Corporation | Access Unit Switching Through Physical Mediation |
| US20070199075A1 (en)* | 2004-03-17 | 2007-08-23 | Koninklijke Philips Electronics, N.V. | Method of and device for generating authorization status list |
| US7308703B2 (en)* | 2002-12-18 | 2007-12-11 | Novell, Inc. | Protection of data accessible by a mobile device |
| US7665125B2 (en)* | 2002-09-23 | 2010-02-16 | Heard Robert W | System and method for distribution of security policies for mobile devices |
| US7669051B2 (en)* | 2000-11-13 | 2010-02-23 | DigitalDoors, Inc. | Data security system and method with multiple independent levels of security |
| US20100317324A1 (en)* | 2006-05-18 | 2010-12-16 | Research In Motion Limited | Automatic security action invocation for mobile communications device |
| US20110004941A1 (en)* | 2002-08-09 | 2011-01-06 | Visto Corporation | System and method for preventing access to data on a compromised remote device |
Family Cites Families (60)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5048085A (en)* | 1989-10-06 | 1991-09-10 | International Business Machines Corporation | Transaction system security method and apparatus |
| WO1995012197A1 (en) | 1993-10-29 | 1995-05-04 | Kabushiki Kaisha Toshiba | Multi-scene recording medium and reproduction apparatus |
| JPH10124345A (en) | 1996-10-09 | 1998-05-15 | Hewlett Packard Co <Hp> | Method for protecting remote computer |
| GB9710720D0 (en)* | 1997-05-24 | 1997-07-16 | Ncr Int Inc | Method and apparatus for determining the validity of a data processing transaction |
| US6418533B2 (en) | 1997-08-29 | 2002-07-09 | Compaq Information Technologies Group, L.P. | “J” system for securing a portable computer which optionally requires an entry of an invalid power on password (POP), by forcing an entry of a valid POP |
| US6266695B1 (en)* | 1997-12-23 | 2001-07-24 | Alcatel Usa Sourcing, L.P. | Telecommunications switch management system |
| JPH11259423A (en)* | 1998-03-10 | 1999-09-24 | Fujitsu Ltd | Transmission system security system |
| US7546334B2 (en)* | 2000-11-13 | 2009-06-09 | Digital Doors, Inc. | Data security system and method with adaptive filter |
| EP1350167A4 (en)* | 2000-11-16 | 2007-10-24 | Dlj Long Term Invest Corp | System and method for application-level security |
| DE60228647D1 (en)* | 2001-01-20 | 2008-10-16 | Samsung Electronics Co Ltd | SYSTEM AND METHOD FOR REMOTE CONTROL OF A MOBILE TERMINAL |
| US7020645B2 (en)* | 2001-04-19 | 2006-03-28 | Eoriginal, Inc. | Systems and methods for state-less authentication |
| US7095858B2 (en)* | 2001-05-10 | 2006-08-22 | Ranco Incorporated Of Delaware | System and method for securely upgrading firmware |
| US6731447B2 (en) | 2001-06-04 | 2004-05-04 | Xerox Corporation | Secure data file erasure |
| US7380120B1 (en) | 2001-12-12 | 2008-05-27 | Guardian Data Storage, Llc | Secured data format for access control |
| US7475242B2 (en)* | 2001-12-18 | 2009-01-06 | Hewlett-Packard Development Company, L.P. | Controlling the distribution of information |
| US8042189B2 (en) | 2002-03-20 | 2011-10-18 | Research In Motion Limited | System and method to force a mobile device into a secure state |
| GB0211644D0 (en)* | 2002-05-21 | 2002-07-03 | Wesby Philip B | System and method for remote asset management |
| US20030236823A1 (en) | 2002-06-19 | 2003-12-25 | Robert Patzer | Information sharing groups, server and client group applications, and methods therefor |
| US7441264B2 (en)* | 2002-06-24 | 2008-10-21 | International Business Machines Corporation | Security objects controlling access to resources |
| US7343488B2 (en)* | 2002-09-30 | 2008-03-11 | Intel Corporation | Method and apparatus for providing discrete data storage security |
| US7353533B2 (en)* | 2002-12-18 | 2008-04-01 | Novell, Inc. | Administration of protection of data accessible by a mobile device |
| GB2398707B (en)* | 2003-02-21 | 2005-03-30 | Schlumberger Holdings | Authentication method for enabling a user of a mobile station to access to private data or services |
| JP2005011151A (en)* | 2003-06-20 | 2005-01-13 | Renesas Technology Corp | Memory card |
| US20050048951A1 (en)* | 2003-08-25 | 2005-03-03 | Saito William H. | Method and system for alternative access using mobile electronic devices |
| US8176320B1 (en)* | 2003-09-11 | 2012-05-08 | Voice Signals Llc | System and method for data access and control |
| US7430671B2 (en)* | 2004-03-31 | 2008-09-30 | Nortel Networks Limited | Systems and methods for preserving confidentiality of sensitive information in a point-of-care communications environment |
| US7706777B2 (en)* | 2003-09-23 | 2010-04-27 | Broadcom Corporation | Secure user interface in a shared resource environment |
| CN1886712B (en) | 2003-11-28 | 2010-09-08 | 松下电器产业株式会社 | data processing device |
| US7184750B2 (en)* | 2004-03-30 | 2007-02-27 | Nokia Corporation | Smart terminal remote lock and format |
| US20050228938A1 (en) | 2004-04-07 | 2005-10-13 | Rajendra Khare | Method and system for secure erasure of information in non-volatile memory in an electronic device |
| JP4135669B2 (en)* | 2004-04-09 | 2008-08-20 | 日本電気株式会社 | Mobile phone, personal data management method and management control program used for the mobile phone |
| US8074287B2 (en)* | 2004-04-30 | 2011-12-06 | Microsoft Corporation | Renewable and individualizable elements of a protected environment |
| US7543144B2 (en)* | 2004-07-21 | 2009-06-02 | Beachhead Solutions | System and method for lost data destruction of electronic data stored on portable electronic devices |
| US7543160B2 (en)* | 2004-09-03 | 2009-06-02 | Research In Motion Limited | System and method for generating a secure state indicator on a display |
| EP1633155B1 (en) | 2004-09-03 | 2007-04-04 | Research In Motion Limited | System and method for generating a secure state indicator on a display |
| JP4125277B2 (en)* | 2004-09-22 | 2008-07-30 | キヤノン株式会社 | Image forming apparatus and data erasing method |
| US8078216B2 (en) | 2004-10-13 | 2011-12-13 | Intel Corporation | Wireless device content information theft protection system |
| JP4709535B2 (en) | 2004-11-19 | 2011-06-22 | 株式会社東芝 | Semiconductor device manufacturing equipment |
| EP1829316B1 (en)* | 2004-12-22 | 2011-06-22 | Telefonaktiebolaget LM Ericsson (publ) | Means and method for control of personal data |
| KR20080017313A (en)* | 2005-05-19 | 2008-02-26 | 퓨전원 인코포레이티드 | Remote Cordless Phone Auto Destruction |
| US7483896B2 (en)* | 2005-06-06 | 2009-01-27 | Oracle International Corporation | Architecture for computer-implemented authentication and authorization |
| WO2007053848A1 (en)* | 2005-11-01 | 2007-05-10 | Mobile Armor, Llc | Centralized dynamic security control for a mobile device network |
| US7647630B2 (en)* | 2005-12-15 | 2010-01-12 | International Business Machines Corporation | Associating security information with information objects in a data processing system |
| US7512792B2 (en)* | 2005-12-15 | 2009-03-31 | International Business Machines Corporation | Reference monitor method for enforcing information flow policies |
| US20070143601A1 (en)* | 2005-12-15 | 2007-06-21 | Arroyo Diana J | System and method for authorizing information flows |
| EP1811464A1 (en)* | 2005-12-30 | 2007-07-25 | THOMSON Licensing | Installation for protected access to a digital content |
| DE602006006787D1 (en)* | 2006-02-27 | 2009-06-25 | Research In Motion Ltd | Method for personalizing a standardized IT policy |
| US7735116B1 (en)* | 2006-03-24 | 2010-06-08 | Symantec Corporation | System and method for unified threat management with a relational rules methodology |
| SE0950005L (en)* | 2006-11-10 | 2008-05-11 | Densitech Ab | Providing security in relation to mobile terminals |
| US8856511B2 (en)* | 2006-12-14 | 2014-10-07 | Blackberry Limited | System and method for wiping and disabling a removed device |
| EP2122531B1 (en)* | 2007-01-19 | 2014-10-01 | BlackBerry Limited | Selectively wiping a remote device |
| CN101606408B (en)* | 2007-02-07 | 2013-07-10 | 日本电气株式会社 | Communication system and communication method |
| US8145184B2 (en) | 2007-07-31 | 2012-03-27 | Cisco Technology, Inc. | Protected data capture |
| US8676273B1 (en) | 2007-08-24 | 2014-03-18 | Iwao Fujisaki | Communication device |
| US9916481B2 (en) | 2008-04-02 | 2018-03-13 | Yougetitback Limited | Systems and methods for mitigating the unauthorized use of a device |
| US8107944B2 (en)* | 2008-10-14 | 2012-01-31 | Todd Michael Cohan | System and method for automatic data security, back-up and control for mobile devices |
| US8321956B2 (en)* | 2009-06-17 | 2012-11-27 | Microsoft Corporation | Remote access control of storage devices |
| US9378387B2 (en)* | 2010-03-24 | 2016-06-28 | Oracle International Corporation | Multi-level security cluster |
| US9003544B2 (en) | 2011-07-26 | 2015-04-07 | Kaspersky Lab Zao | Efficient securing of data on mobile devices |
| US10305874B2 (en)* | 2017-06-16 | 2019-05-28 | Microsoft Technology Licensing, Llc | Multi-factor execution gateway |
- 2008
- 2008-01-18EPEP08706234.5Apatent/EP2122531B1/enactiveActive
- 2008-01-18EPEP12190992.3Apatent/EP2570961B1/enactiveActive
- 2008-01-18CACA2676289Apatent/CA2676289C/enactiveActive
- 2008-01-18WOPCT/CA2008/000086patent/WO2008086611A1/enactiveApplication Filing
- 2008-01-18USUS12/016,723patent/US8056143B2/enactiveActive
- 2011
- 2011-09-26USUS13/245,061patent/US9100413B2/enactiveActive
- 2013
- 2013-02-15USUS13/768,902patent/US9106670B2/enactiveActive
- 2015
- 2015-08-03USUS14/816,271patent/US9652629B2/enactiveActive
- 2017
- 2017-03-31USUS15/475,901patent/US10162983B2/enactiveActive
- 2018
- 2018-11-12USUS16/187,065patent/US10540520B2/enactiveActive
- 2019
- 2019-09-05USUS16/561,132patent/US11030338B2/enactiveActive
Patent Citations (46)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4882752A (en)* | 1986-06-25 | 1989-11-21 | Lindman Richard S | Computer security system |
| US6167519A (en)* | 1991-11-27 | 2000-12-26 | Fujitsu Limited | Secret information protection system |
| US5150407A (en)* | 1991-12-16 | 1992-09-22 | Chan Steve S C | Secured data storage devices |
| US5265159A (en)* | 1992-06-23 | 1993-11-23 | Hughes Aircraft Company | Secure file erasure |
| US20030023561A1 (en)* | 1994-11-23 | 2003-01-30 | Stefik Mark J. | System for controlling the distribution and use of digital works |
| US7113912B2 (en)* | 1994-11-23 | 2006-09-26 | Contentguard Holdings, Inc. | Composite digital works having usage rights and method for creating the same |
| US6236971B1 (en)* | 1994-11-23 | 2001-05-22 | Contentguard Holdings, Inc. | System for controlling the distribution and use of digital works using digital tickets |
| US6167253A (en)* | 1995-01-12 | 2000-12-26 | Bell Atlantic Network Services, Inc. | Mobile data/message/electronic mail download system utilizing network-centric protocol such as Java |
| US5987609A (en)* | 1996-10-03 | 1999-11-16 | Kabushiki Kaisha Toshiba | System for remotely securing/locking a stolen wireless device via an Email message |
| US5748084A (en)* | 1996-11-18 | 1998-05-05 | Isikoff; Jeremy M. | Device security system |
| US5901285A (en)* | 1996-12-18 | 1999-05-04 | Intel Corporation | Hierarchical erasure key protection for computer system data |
| US6292898B1 (en)* | 1998-02-04 | 2001-09-18 | Spyrus, Inc. | Active erasure of electronically stored data upon tamper detection |
| US6160873A (en)* | 1998-03-30 | 2000-12-12 | Micro Computer Technology, Inc. | System and method for remotely initializing, operating and monitoring a general-purpose computer |
| US20010045884A1 (en)* | 1998-06-17 | 2001-11-29 | Jeff Barrus | Portable computer supporting paging functions |
| US20070094471A1 (en)* | 1998-07-31 | 2007-04-26 | Kom Networks Inc. | Method and system for providing restricted access to a storage medium |
| US7216110B1 (en)* | 1999-10-18 | 2007-05-08 | Stamps.Com | Cryptographic module for secure processing of value-bearing items |
| US20020002685A1 (en)* | 2000-01-10 | 2002-01-03 | Youngtack Shim | Secure computer |
| US20030149662A1 (en)* | 2000-02-10 | 2003-08-07 | Jon Shore | Apparatus, systems and methods for wirelessly transacting financial transfers , electronically recordable authorization transfers, and other information transfers |
| US20040025053A1 (en)* | 2000-08-09 | 2004-02-05 | Hayward Philip John | Personal data device and protection system and method for storing and protecting personal data |
| US7197638B1 (en)* | 2000-08-21 | 2007-03-27 | Symantec Corporation | Unified permissions control for remotely and locally stored files whose informational content may be protected by smart-locking and/or bubble-protection |
| US20050278793A1 (en)* | 2000-08-28 | 2005-12-15 | Contentguard Holdings, Inc. | Method and apparatus for providing a specific user interface in a system for managing content |
| US20020066034A1 (en)* | 2000-10-24 | 2002-05-30 | Schlossberg Barry J. | Distributed network security deception system |
| US7669051B2 (en)* | 2000-11-13 | 2010-02-23 | DigitalDoors, Inc. | Data security system and method with multiple independent levels of security |
| US20020143961A1 (en)* | 2001-03-14 | 2002-10-03 | Siegel Eric Victor | Access control protocol for user profile management |
| US7159120B2 (en)* | 2001-11-19 | 2007-01-02 | Good Technology, Inc. | Method and system for protecting data within portable electronic devices |
| US20030097596A1 (en)* | 2001-11-19 | 2003-05-22 | Muratov Alexander Victorovitch | Method and system for protecting data within portable electronic devices |
| US20030162555A1 (en)* | 2002-02-26 | 2003-08-28 | Loveland Shawn Domenic | Synchronizing over a number of synchronization mechanisms using flexible rules |
| US20030200454A1 (en)* | 2002-04-18 | 2003-10-23 | International Business Machines Corporation | Initializing, maintaining, updating and recovering secure operation within an integrated system employing a data access control function |
| US20110004941A1 (en)* | 2002-08-09 | 2011-01-06 | Visto Corporation | System and method for preventing access to data on a compromised remote device |
| US7665125B2 (en)* | 2002-09-23 | 2010-02-16 | Heard Robert W | System and method for distribution of security policies for mobile devices |
| US7308703B2 (en)* | 2002-12-18 | 2007-12-11 | Novell, Inc. | Protection of data accessible by a mobile device |
| US20040124975A1 (en)* | 2002-12-27 | 2004-07-01 | Kabushiki Kaisha Toshiba | Electronic apparatus and data processing method |
| US20040177270A1 (en)* | 2003-02-21 | 2004-09-09 | Little Herbert A. | System and method of multiple-level control of electronic devices |
| US20040181673A1 (en)* | 2003-03-13 | 2004-09-16 | Paul Lin | Method and apparatus for preventing unauthorized access to data and for destroying data upon receiving an unauthorized data access attempt |
| US20060265328A1 (en)* | 2003-07-18 | 2006-11-23 | Global Friendship Inc. | Electronic information management system |
| US20050039001A1 (en)* | 2003-07-30 | 2005-02-17 | Microsoft Corporation | Zoned based security administration for data items |
| US20050186954A1 (en)* | 2004-02-20 | 2005-08-25 | Tom Kenney | Systems and methods that provide user and/or network personal data disabling commands for mobile devices |
| US20070199075A1 (en)* | 2004-03-17 | 2007-08-23 | Koninklijke Philips Electronics, N.V. | Method of and device for generating authorization status list |
| US20060236126A1 (en)* | 2005-04-04 | 2006-10-19 | Research In Motion Limited | System and method for deleting confidential information |
| US7665146B2 (en)* | 2005-07-14 | 2010-02-16 | Research In Motion Limited | Password methods and systems for use on a mobile device |
| US20070015490A1 (en)* | 2005-07-14 | 2007-01-18 | Arun Munje | Password methods and systems for use on a mobile device |
| US7304570B2 (en)* | 2005-08-10 | 2007-12-04 | Scenera Technologies, Llc | Methods, systems, and computer program products for providing context-based, hierarchical security for a mobile device |
| US20070035390A1 (en)* | 2005-08-10 | 2007-02-15 | Theodosios Thomas | Methods, systems, and computer program products for providing context-based, hierarchical security for a mobile device |
| US20070094463A1 (en)* | 2005-10-25 | 2007-04-26 | Harris Corporation, Corporation Of The State Of Delaware | Mobile wireless communications device providing data management and security features and related methods |
| US20070143839A1 (en)* | 2005-12-15 | 2007-06-21 | Microsoft Corporation | Access Unit Switching Through Physical Mediation |
| US20100317324A1 (en)* | 2006-05-18 | 2010-12-16 | Research In Motion Limited | Automatic security action invocation for mobile communications device |
Cited By (218)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8260274B2 (en) | 2006-05-25 | 2012-09-04 | Celltrust Corporation | Extraction of information from e-mails and delivery to mobile phones, system and method |
| US9680803B2 (en)* | 2006-05-25 | 2017-06-13 | Celltrust Corporation | Systems and methods for secure short messaging service and multimedia messaging service |
| US20080167060A1 (en)* | 2006-05-25 | 2008-07-10 | Sean Moshir | Distribution of lottery tickets through mobile devices |
| US8965416B2 (en) | 2006-05-25 | 2015-02-24 | Celltrust Corporation | Distribution of lottery tickets through mobile devices |
| US9154612B2 (en) | 2006-05-25 | 2015-10-06 | Celltrust Corporation | Secure mobile information management system and method |
| US8862129B2 (en) | 2006-05-25 | 2014-10-14 | Celltrust Corporation | Systems and methods for encrypted mobile voice communications |
| US20080109370A1 (en)* | 2006-05-25 | 2008-05-08 | Moshir Kevin K | Extraction of information from e-mails and delivery to mobile phones, system and method |
| US20110145564A1 (en)* | 2006-05-25 | 2011-06-16 | Celltrust Corporation | Systems and methods for secure short messaging service and multimedia messaging service |
| US20110151903A1 (en)* | 2006-05-25 | 2011-06-23 | Celltrust Corporation | Secure mobile information management system and method |
| US9572033B2 (en) | 2006-05-25 | 2017-02-14 | Celltrust Corporation | Systems and methods for encrypted mobile voice communications |
| US9848081B2 (en) | 2006-05-25 | 2017-12-19 | Celltrust Corporation | Dissemination of real estate information through text messaging |
| US8280359B2 (en) | 2006-05-25 | 2012-10-02 | Celltrust Corporation | Methods of authorizing actions |
| US20080133930A1 (en)* | 2006-05-25 | 2008-06-05 | Moshir Kevin K | Methods to authenticate access and alarm as to proximity to location |
| US8225380B2 (en) | 2006-05-25 | 2012-07-17 | Celltrust Corporation | Methods to authenticate access and alarm as to proximity to location |
| US10540520B2 (en) | 2007-01-19 | 2020-01-21 | Blackberry Limited | Selectively wiping a remote device |
| US9100413B2 (en)* | 2007-01-19 | 2015-08-04 | Blackberry Limited | Selectively wiping a remote device |
| US11030338B2 (en) | 2007-01-19 | 2021-06-08 | Blackberry Limited | Selectively wiping a remote device |
| US20120079603A1 (en)* | 2007-01-19 | 2012-03-29 | Research In Motion Limited | Selectively wiping a remote device |
| US9106670B2 (en) | 2007-01-19 | 2015-08-11 | Blackberry Limited | Selectively wiping a remote device |
| US20080214111A1 (en)* | 2007-03-02 | 2008-09-04 | Celltrust Corporation | Lost phone alarm system and method |
| US20090265552A1 (en)* | 2008-03-28 | 2009-10-22 | Celltrust Corporation | Systems and methods for secure short messaging service and multimedia messaging service |
| US20090328130A1 (en)* | 2008-06-26 | 2009-12-31 | Microsoft Corporation | Policy-based secure information disclosure |
| US9063897B2 (en)* | 2008-06-26 | 2015-06-23 | Microsoft Technology Licensing, Llc | Policy-based secure information disclosure |
| US9286604B2 (en) | 2008-09-22 | 2016-03-15 | Visa International Service Association | Over the air management of payment application installed in mobile device |
| US10115099B2 (en) | 2008-09-22 | 2018-10-30 | Visa International Service Association | Over the air management of payment application installed in mobile device |
| US11037128B2 (en) | 2008-09-22 | 2021-06-15 | Visa International Service Association | Over the air management of payment application installed in mobile device |
| US10115100B2 (en) | 2008-09-22 | 2018-10-30 | Visa International Service Association | Over the air management of payment application installed in mobile device |
| US11039020B2 (en) | 2009-01-28 | 2021-06-15 | Headwater Research Llc | Mobile device and service management |
| US11405429B2 (en) | 2009-01-28 | 2022-08-02 | Headwater Research Llc | Security techniques for device assisted services |
| US12432130B2 (en) | 2009-01-28 | 2025-09-30 | Headwater Research Llc | Flow tagging for service policy implementation |
| US12401984B2 (en) | 2009-01-28 | 2025-08-26 | Headwater Research Llc | Enhanced roaming services and converged carrier networks with device assisted services and a proxy |
| US12388810B2 (en) | 2009-01-28 | 2025-08-12 | Headwater Research Llc | End user device that secures an association of application to service policy with an application certificate check |
| US12389218B2 (en) | 2009-01-28 | 2025-08-12 | Headwater Research Llc | Service selection set publishing to device agent with on-device service selection |
| US10841839B2 (en) | 2009-01-28 | 2020-11-17 | Headwater Research Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
| US12389217B2 (en) | 2009-01-28 | 2025-08-12 | Headwater Research Llc | Device assisted services install |
| US12309024B2 (en) | 2009-01-28 | 2025-05-20 | Headwater Research Llc | Quality of service for device assisted services |
| US12200786B2 (en) | 2009-01-28 | 2025-01-14 | Headwater Research Llc | Enterprise access control and accounting allocation for access networks |
| US12184700B2 (en) | 2009-01-28 | 2024-12-31 | Headwater Research Llc | Automated device provisioning and activation |
| US10848330B2 (en) | 2009-01-28 | 2020-11-24 | Headwater Research Llc | Device-assisted services for protecting network capacity |
| US12166596B2 (en) | 2009-01-28 | 2024-12-10 | Disney Enterprises, Inc. | Device-assisted services for protecting network capacity |
| US12143909B2 (en) | 2009-01-28 | 2024-11-12 | Headwater Research Llc | Service plan design, user interfaces, application programming interfaces, and device management |
| US12137004B2 (en) | 2009-01-28 | 2024-11-05 | Headwater Research Llc | Device group partitions and settlement platform |
| US12101434B2 (en) | 2009-01-28 | 2024-09-24 | Headwater Research Llc | Device assisted CDR creation, aggregation, mediation and billing |
| EP3116250A1 (en)* | 2009-01-28 | 2017-01-11 | Headwater Partners I LLC | Push messaging with secure agents ids |
| US9557889B2 (en) | 2009-01-28 | 2017-01-31 | Headwater Partners I Llc | Service plan design, user interfaces, application programming interfaces, and device management |
| US9571559B2 (en) | 2009-01-28 | 2017-02-14 | Headwater Partners I Llc | Enhanced curfew and protection associated with a device group |
| US10803518B2 (en) | 2009-01-28 | 2020-10-13 | Headwater Research Llc | Virtualized policy and charging system |
| US9572019B2 (en) | 2009-01-28 | 2017-02-14 | Headwater Partners LLC | Service selection set published to device agent with on-device service selection |
| US9578182B2 (en) | 2009-01-28 | 2017-02-21 | Headwater Partners I Llc | Mobile device and service management |
| US9591474B2 (en) | 2009-01-28 | 2017-03-07 | Headwater Partners I Llc | Adapting network policies based on device service processor configuration |
| US11985155B2 (en) | 2009-01-28 | 2024-05-14 | Headwater Research Llc | Communications device with secure data path processing agents |
| US9609459B2 (en) | 2009-01-28 | 2017-03-28 | Headwater Research Llc | Network tools for analysis, design, testing, and production of services |
| US9609510B2 (en) | 2009-01-28 | 2017-03-28 | Headwater Research Llc | Automated credential porting for mobile devices |
| US11973804B2 (en) | 2009-01-28 | 2024-04-30 | Headwater Research Llc | Network service plan design |
| US9615192B2 (en) | 2009-01-28 | 2017-04-04 | Headwater Research Llc | Message link server with plural message delivery triggers |
| US10798254B2 (en) | 2009-01-28 | 2020-10-06 | Headwater Research Llc | Service design center for device assisted services |
| US11966464B2 (en) | 2009-01-28 | 2024-04-23 | Headwater Research Llc | Security techniques for device assisted services |
| US9641957B2 (en) | 2009-01-28 | 2017-05-02 | Headwater Research Llc | Automated device provisioning and activation |
| US9647918B2 (en) | 2009-01-28 | 2017-05-09 | Headwater Research Llc | Mobile device and method attributing media services network usage to requesting application |
| US11968234B2 (en) | 2009-01-28 | 2024-04-23 | Headwater Research Llc | Wireless network service interfaces |
| US11923995B2 (en) | 2009-01-28 | 2024-03-05 | Headwater Research Llc | Device-assisted services for protecting network capacity |
| US11757943B2 (en) | 2009-01-28 | 2023-09-12 | Headwater Research Llc | Automated device provisioning and activation |
| US11750477B2 (en) | 2009-01-28 | 2023-09-05 | Headwater Research Llc | Adaptive ambient services |
| US9674731B2 (en) | 2009-01-28 | 2017-06-06 | Headwater Research Llc | Wireless device applying different background data traffic policies to different device applications |
| US11665186B2 (en) | 2009-01-28 | 2023-05-30 | Headwater Research Llc | Communications device with secure data path processing agents |
| US9706061B2 (en) | 2009-01-28 | 2017-07-11 | Headwater Partners I Llc | Service design center for device assisted services |
| US9705771B2 (en) | 2009-01-28 | 2017-07-11 | Headwater Partners I Llc | Attribution of mobile device data traffic to end-user application based on socket flows |
| US11665592B2 (en) | 2009-01-28 | 2023-05-30 | Headwater Research Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
| US11589216B2 (en) | 2009-01-28 | 2023-02-21 | Headwater Research Llc | Service selection set publishing to device agent with on-device service selection |
| US9749898B2 (en) | 2009-01-28 | 2017-08-29 | Headwater Research Llc | Wireless end-user device with differential traffic control policy list applicable to one of several wireless modems |
| US9749899B2 (en) | 2009-01-28 | 2017-08-29 | Headwater Research Llc | Wireless end-user device with network traffic API to indicate unavailability of roaming wireless connection to background applications |
| US11582593B2 (en) | 2009-01-28 | 2023-02-14 | Head Water Research Llc | Adapting network policies based on device service processor configuration |
| US9769207B2 (en) | 2009-01-28 | 2017-09-19 | Headwater Research Llc | Wireless network service interfaces |
| US11570309B2 (en) | 2009-01-28 | 2023-01-31 | Headwater Research Llc | Service design center for device assisted services |
| US9819808B2 (en) | 2009-01-28 | 2017-11-14 | Headwater Research Llc | Hierarchical service policies for creating service usage data records for a wireless end-user device |
| US11563592B2 (en) | 2009-01-28 | 2023-01-24 | Headwater Research Llc | Managing service user discovery and service launch object placement on a device |
| US11538106B2 (en) | 2009-01-28 | 2022-12-27 | Headwater Research Llc | Wireless end-user device providing ambient or sponsored services |
| US11533642B2 (en) | 2009-01-28 | 2022-12-20 | Headwater Research Llc | Device group partitions and settlement platform |
| US11516301B2 (en) | 2009-01-28 | 2022-11-29 | Headwater Research Llc | Enhanced curfew and protection associated with a device group |
| US9866642B2 (en) | 2009-01-28 | 2018-01-09 | Headwater Research Llc | Wireless end-user device with wireless modem power state control policy for background applications |
| US11494837B2 (en) | 2009-01-28 | 2022-11-08 | Headwater Research Llc | Virtualized policy and charging system |
| US11477246B2 (en) | 2009-01-28 | 2022-10-18 | Headwater Research Llc | Network service plan design |
| US11425580B2 (en) | 2009-01-28 | 2022-08-23 | Headwater Research Llc | System and method for wireless network offloading |
| US9942796B2 (en) | 2009-01-28 | 2018-04-10 | Headwater Research Llc | Quality of service for device assisted services |
| US11412366B2 (en) | 2009-01-28 | 2022-08-09 | Headwater Research Llc | Enhanced roaming services and converged carrier networks with device assisted services and a proxy |
| US9955332B2 (en) | 2009-01-28 | 2018-04-24 | Headwater Research Llc | Method for child wireless device activation to subscriber account of a master wireless device |
| US9954975B2 (en) | 2009-01-28 | 2018-04-24 | Headwater Research Llc | Enhanced curfew and protection associated with a device group |
| US11405224B2 (en) | 2009-01-28 | 2022-08-02 | Headwater Research Llc | Device-assisted services for protecting network capacity |
| US10834577B2 (en) | 2009-01-28 | 2020-11-10 | Headwater Research Llc | Service offer set publishing to device agent with on-device service selection |
| US11363496B2 (en) | 2009-01-28 | 2022-06-14 | Headwater Research Llc | Intermediate networking devices |
| US9973930B2 (en) | 2009-01-28 | 2018-05-15 | Headwater Research Llc | End user device that secures an association of application to service policy with an application certificate check |
| US9980146B2 (en) | 2009-01-28 | 2018-05-22 | Headwater Research Llc | Communications device with secure data path processing agents |
| US11337059B2 (en) | 2009-01-28 | 2022-05-17 | Headwater Research Llc | Device assisted services install |
| US9986413B2 (en) | 2009-01-28 | 2018-05-29 | Headwater Research Llc | Enhanced roaming services and converged carrier networks with device assisted services and a proxy |
| US10028144B2 (en) | 2009-01-28 | 2018-07-17 | Headwater Research Llc | Security techniques for device assisted services |
| US11228617B2 (en) | 2009-01-28 | 2022-01-18 | Headwater Research Llc | Automated device provisioning and activation |
| US10057141B2 (en) | 2009-01-28 | 2018-08-21 | Headwater Research Llc | Proxy system and method for adaptive ambient services |
| US10057775B2 (en) | 2009-01-28 | 2018-08-21 | Headwater Research Llc | Virtualized policy and charging system |
| US10064033B2 (en) | 2009-01-28 | 2018-08-28 | Headwater Research Llc | Device group partitions and settlement platform |
| US10064055B2 (en) | 2009-01-28 | 2018-08-28 | Headwater Research Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
| US11219074B2 (en) | 2009-01-28 | 2022-01-04 | Headwater Research Llc | Enterprise access control and accounting allocation for access networks |
| US10070305B2 (en) | 2009-01-28 | 2018-09-04 | Headwater Research Llc | Device assisted services install |
| US10080250B2 (en) | 2009-01-28 | 2018-09-18 | Headwater Research Llc | Enterprise access control and accounting allocation for access networks |
| US11218854B2 (en) | 2009-01-28 | 2022-01-04 | Headwater Research Llc | Service plan design, user interfaces, application programming interfaces, and device management |
| US10798558B2 (en) | 2009-01-28 | 2020-10-06 | Headwater Research Llc | Adapting network policies based on device service processor configuration |
| US10798252B2 (en) | 2009-01-28 | 2020-10-06 | Headwater Research Llc | System and method for providing user notifications |
| US10855559B2 (en) | 2009-01-28 | 2020-12-01 | Headwater Research Llc | Adaptive ambient services |
| US10171988B2 (en) | 2009-01-28 | 2019-01-01 | Headwater Research Llc | Adapting network policies based on device service processor configuration |
| US10171990B2 (en) | 2009-01-28 | 2019-01-01 | Headwater Research Llc | Service selection set publishing to device agent with on-device service selection |
| US10171681B2 (en) | 2009-01-28 | 2019-01-01 | Headwater Research Llc | Service design center for device assisted services |
| US11190427B2 (en) | 2009-01-28 | 2021-11-30 | Headwater Research Llc | Flow tagging for service policy implementation |
| US10200541B2 (en) | 2009-01-28 | 2019-02-05 | Headwater Research Llc | Wireless end-user device with divided user space/kernel space traffic policy system |
| US10237773B2 (en) | 2009-01-28 | 2019-03-19 | Headwater Research Llc | Device-assisted services for protecting network capacity |
| US10237757B2 (en) | 2009-01-28 | 2019-03-19 | Headwater Research Llc | System and method for wireless network offloading |
| US10237146B2 (en) | 2009-01-28 | 2019-03-19 | Headwater Research Llc | Adaptive ambient services |
| US10248996B2 (en) | 2009-01-28 | 2019-04-02 | Headwater Research Llc | Method for operating a wireless end-user device mobile payment agent |
| US10264138B2 (en) | 2009-01-28 | 2019-04-16 | Headwater Research Llc | Mobile device and service management |
| US11190645B2 (en) | 2009-01-28 | 2021-11-30 | Headwater Research Llc | Device assisted CDR creation, aggregation, mediation and billing |
| US10321320B2 (en) | 2009-01-28 | 2019-06-11 | Headwater Research Llc | Wireless network buffered message system |
| US10320990B2 (en) | 2009-01-28 | 2019-06-11 | Headwater Research Llc | Device assisted CDR creation, aggregation, mediation and billing |
| US10326675B2 (en) | 2009-01-28 | 2019-06-18 | Headwater Research Llc | Flow tagging for service policy implementation |
| US10326800B2 (en) | 2009-01-28 | 2019-06-18 | Headwater Research Llc | Wireless network service interfaces |
| US11190545B2 (en) | 2009-01-28 | 2021-11-30 | Headwater Research Llc | Wireless network service interfaces |
| US11134102B2 (en) | 2009-01-28 | 2021-09-28 | Headwater Research Llc | Verifiable device assisted service usage monitoring with reporting, synchronization, and notification |
| US10462627B2 (en) | 2009-01-28 | 2019-10-29 | Headwater Research Llc | Service plan design, user interfaces, application programming interfaces, and device management |
| US11096055B2 (en) | 2009-01-28 | 2021-08-17 | Headwater Research Llc | Automated device provisioning and activation |
| US10791471B2 (en) | 2009-01-28 | 2020-09-29 | Headwater Research Llc | System and method for wireless network offloading |
| US10783581B2 (en) | 2009-01-28 | 2020-09-22 | Headwater Research Llc | Wireless end-user device providing ambient or sponsored services |
| US10779177B2 (en) | 2009-01-28 | 2020-09-15 | Headwater Research Llc | Device group partitions and settlement platform |
| US10492102B2 (en) | 2009-01-28 | 2019-11-26 | Headwater Research Llc | Intermediate networking devices |
| US10536983B2 (en) | 2009-01-28 | 2020-01-14 | Headwater Research Llc | Enterprise access control and accounting allocation for access networks |
| US10771980B2 (en) | 2009-01-28 | 2020-09-08 | Headwater Research Llc | Communications device with secure data path processing agents |
| US10985977B2 (en) | 2009-01-28 | 2021-04-20 | Headwater Research Llc | Quality of service for device assisted services |
| US10582375B2 (en) | 2009-01-28 | 2020-03-03 | Headwater Research Llc | Device assisted services install |
| US10681179B2 (en) | 2009-01-28 | 2020-06-09 | Headwater Research Llc | Enhanced curfew and protection associated with a device group |
| US10694385B2 (en) | 2009-01-28 | 2020-06-23 | Headwater Research Llc | Security techniques for device assisted services |
| US10869199B2 (en) | 2009-01-28 | 2020-12-15 | Headwater Research Llc | Network service plan design |
| US10716006B2 (en) | 2009-01-28 | 2020-07-14 | Headwater Research Llc | End user device that secures an association of application to service policy with an application certificate check |
| US10715342B2 (en) | 2009-01-28 | 2020-07-14 | Headwater Research Llc | Managing service user discovery and service launch object placement on a device |
| US10749700B2 (en) | 2009-01-28 | 2020-08-18 | Headwater Research Llc | Device-assisted services for protecting network capacity |
| US20100299152A1 (en)* | 2009-05-20 | 2010-11-25 | Mobile Iron, Inc. | Selective Management of Mobile Devices in an Enterprise Environment |
| JP2012530387A (en)* | 2009-06-10 | 2012-11-29 | クアルコム,インコーポレイテッド | Alarm activated by user for communication device |
| CN102782645A (en)* | 2009-12-21 | 2012-11-14 | 惠普发展公司,有限责任合伙企业 | Removing an active application from a remote device |
| US20120047368A1 (en)* | 2010-08-20 | 2012-02-23 | Apple Inc. | Authenticating a multiple interface device on an enumerated bus |
| US8561207B2 (en)* | 2010-08-20 | 2013-10-15 | Apple Inc. | Authenticating a multiple interface device on an enumerated bus |
| US20170116212A1 (en)* | 2010-11-05 | 2017-04-27 | Atc Logistics & Electronics, Inc. | System and method for systematically removing customer personal information from an electronic device |
| US20160042192A1 (en)* | 2011-02-28 | 2016-02-11 | Ricoh Company, Ltd. | Electronic Meeting Management For Mobile Wireless Devices With Post Meeting Processing |
| US20120238206A1 (en)* | 2011-03-14 | 2012-09-20 | Research In Motion Limited | Communications device providing near field communication (nfc) secure element disabling features related methods |
| US10165007B2 (en)* | 2011-09-15 | 2018-12-25 | Microsoft Technology Licensing, Llc | Securing data usage in computing devices |
| US20130074142A1 (en)* | 2011-09-15 | 2013-03-21 | Microsoft Corporation | Securing data usage in computing devices |
| US9143910B2 (en)* | 2011-09-30 | 2015-09-22 | Blackberry Limited | Method and system for remote wipe through voice mail |
| US10402546B1 (en) | 2011-10-11 | 2019-09-03 | Citrix Systems, Inc. | Secure execution of enterprise applications on mobile devices |
| US10044757B2 (en) | 2011-10-11 | 2018-08-07 | Citrix Systems, Inc. | Secure execution of enterprise applications on mobile devices |
| US10063595B1 (en) | 2011-10-11 | 2018-08-28 | Citrix Systems, Inc. | Secure execution of enterprise applications on mobile devices |
| US11134104B2 (en) | 2011-10-11 | 2021-09-28 | Citrix Systems, Inc. | Secure execution of enterprise applications on mobile devices |
| US9529996B2 (en) | 2011-10-11 | 2016-12-27 | Citrix Systems, Inc. | Controlling mobile device access to enterprise resources |
| US10469534B2 (en) | 2011-10-11 | 2019-11-05 | Citrix Systems, Inc. | Secure execution of enterprise applications on mobile devices |
| US9521147B2 (en) | 2011-10-11 | 2016-12-13 | Citrix Systems, Inc. | Policy based application management |
| US9197293B2 (en)* | 2011-11-02 | 2015-11-24 | Blackberry Limited | Mobile communications device providing secure element data management features and related methods |
| US9106272B2 (en)* | 2011-11-02 | 2015-08-11 | Blackberry Limited | Mobile communications device providing secure element data wiping features and related methods |
| US20130111598A1 (en)* | 2011-11-02 | 2013-05-02 | Research In Motion Limted | Mobile communications device providing secure element data wiping features and related methods |
| US20130109308A1 (en)* | 2011-11-02 | 2013-05-02 | Research In Motion Limited | Mobile communications device providing secure element data management features and related methods |
| US9665576B2 (en) | 2012-05-14 | 2017-05-30 | International Business Machines Corporation | Controlling enterprise data on mobile device via the use of a tag index |
| US9665577B2 (en) | 2012-05-14 | 2017-05-30 | International Business Machines Corporation | Controlling enterprise data on mobile device via the use of a tag index |
| CN104981791A (en)* | 2012-09-24 | 2015-10-14 | 克莱尔蒙特·斯皮德 | Mobile sender controlled data access and data deletion methods and systems |
| US20150089611A1 (en)* | 2012-09-24 | 2015-03-26 | Claremont Speede | Mobile sender controlled data access and data deletion method and system |
| US9760590B2 (en)* | 2012-09-24 | 2017-09-12 | Claremont Speede | Mobile sender controlled data access and data deletion method and system |
| US9060275B2 (en)* | 2012-10-09 | 2015-06-16 | Cellco Partnership | Interface for synchronizing automated replies between different messaging systems |
| US20140099922A1 (en)* | 2012-10-09 | 2014-04-10 | Cellco Partnership D/B/A Verizon Wireless | Interface for synchronizing automated replies between different messaging systems |
| US9774658B2 (en) | 2012-10-12 | 2017-09-26 | Citrix Systems, Inc. | Orchestration framework for connected devices |
| US9854063B2 (en) | 2012-10-12 | 2017-12-26 | Citrix Systems, Inc. | Enterprise application store for an orchestration framework for connected devices |
| US9654508B2 (en)* | 2012-10-15 | 2017-05-16 | Citrix Systems, Inc. | Configuring and providing profiles that manage execution of mobile applications |
| US20150095975A1 (en)* | 2012-10-15 | 2015-04-02 | Citrix Systems, Inc. | Configuring and Providing Profiles that Manage Execution of Mobile Applications |
| US9973489B2 (en) | 2012-10-15 | 2018-05-15 | Citrix Systems, Inc. | Providing virtualized private network tunnels |
| US9521117B2 (en) | 2012-10-15 | 2016-12-13 | Citrix Systems, Inc. | Providing virtualized private network tunnels |
| US9858428B2 (en) | 2012-10-16 | 2018-01-02 | Citrix Systems, Inc. | Controlling mobile device access to secure data |
| US9606774B2 (en) | 2012-10-16 | 2017-03-28 | Citrix Systems, Inc. | Wrapping an application with field-programmable business logic |
| US9602474B2 (en) | 2012-10-16 | 2017-03-21 | Citrix Systems, Inc. | Controlling mobile device access to secure data |
| US9971585B2 (en) | 2012-10-16 | 2018-05-15 | Citrix Systems, Inc. | Wrapping unmanaged applications on a mobile device |
| US10908896B2 (en) | 2012-10-16 | 2021-02-02 | Citrix Systems, Inc. | Application wrapping for application management framework |
| US10545748B2 (en) | 2012-10-16 | 2020-01-28 | Citrix Systems, Inc. | Wrapping unmanaged applications on a mobile device |
| US10789594B2 (en) | 2013-01-31 | 2020-09-29 | Moshir Vantures, Limited, LLC | Method and system to intelligently assess and mitigate security risks on a mobile device |
| US9858777B2 (en)* | 2013-03-08 | 2018-01-02 | Sensormedia Inc. | System, method and computer readable medium for managing mobile devices |
| US20160042620A1 (en)* | 2013-03-08 | 2016-02-11 | Rtf Research & Technologies Inc. | System, method and computer readable medium for managing mobile devices |
| US10834583B2 (en) | 2013-03-14 | 2020-11-10 | Headwater Research Llc | Automated credential porting for mobile devices |
| US10171995B2 (en) | 2013-03-14 | 2019-01-01 | Headwater Research Llc | Automated credential porting for mobile devices |
| US11743717B2 (en) | 2013-03-14 | 2023-08-29 | Headwater Research Llc | Automated credential porting for mobile devices |
| US10476885B2 (en) | 2013-03-29 | 2019-11-12 | Citrix Systems, Inc. | Application with multiple operation modes |
| US9948657B2 (en) | 2013-03-29 | 2018-04-17 | Citrix Systems, Inc. | Providing an enterprise application store |
| US10097584B2 (en) | 2013-03-29 | 2018-10-09 | Citrix Systems, Inc. | Providing a managed browser |
| US10284627B2 (en) | 2013-03-29 | 2019-05-07 | Citrix Systems, Inc. | Data management for an application with multiple operation modes |
| US10965734B2 (en) | 2013-03-29 | 2021-03-30 | Citrix Systems, Inc. | Data management for an application with multiple operation modes |
| US10701082B2 (en) | 2013-03-29 | 2020-06-30 | Citrix Systems, Inc. | Application with multiple operation modes |
| US9985850B2 (en) | 2013-03-29 | 2018-05-29 | Citrix Systems, Inc. | Providing mobile device management functionalities |
| US10491599B2 (en) | 2013-07-19 | 2019-11-26 | James A. STOB | Method and system for compiling map data |
| US20150024711A1 (en)* | 2013-07-19 | 2015-01-22 | James A. STOB | Method and system for compiling map data |
| US9912674B2 (en) | 2013-07-19 | 2018-03-06 | James A. STOB | Method and system for compiling map data |
| US9749408B2 (en)* | 2013-07-30 | 2017-08-29 | Dropbox, Inc. | Techniques for managing unsynchronized content items at unlinked devices |
| US20150039738A1 (en)* | 2013-07-30 | 2015-02-05 | Dropbox, Inc. | Techniques for managing unsynchronized content items at unlinked devices |
| US20220012346A1 (en)* | 2013-09-13 | 2022-01-13 | Vmware, Inc. | Risk assessment for managed client devices |
| US12124586B2 (en)* | 2013-09-13 | 2024-10-22 | Omnissa, Llc | Risk assessment for managed client devices |
| US9714088B2 (en) | 2015-03-27 | 2017-07-25 | Amazon Technologies, Inc. | Unmanned vehicle rollback |
| US9912655B2 (en) | 2015-03-27 | 2018-03-06 | Amazon Technologies, Inc. | Unmanned vehicle message exchange |
| US9663226B2 (en) | 2015-03-27 | 2017-05-30 | Amazon Technologies, Inc. | Influencing acceptance of messages in unmanned vehicles |
| US9930027B2 (en)* | 2015-03-27 | 2018-03-27 | Amazon Technologies, Inc. | Authenticated messages between unmanned vehicles |
| US10979415B2 (en) | 2015-03-27 | 2021-04-13 | Amazon Technologies, Inc. | Unmanned vehicle message exchange |
| US10432672B2 (en) | 2015-10-27 | 2019-10-01 | Airwatch Llc | Detection of offline attempts to circumvent security policies |
| US9967287B2 (en)* | 2015-10-27 | 2018-05-08 | Airwatch Llc | Detection of offline attempts to circumvent security policies |
| US20170118246A1 (en)* | 2015-10-27 | 2017-04-27 | Airwatch Llc | Detection of offline attempts to circumvent security policies |
| US10484362B2 (en)* | 2015-11-30 | 2019-11-19 | Richoh Company, Ltd. | Information processing apparatus, access control method, and recording medium storing access control program |
| US11093165B2 (en)* | 2018-09-03 | 2021-08-17 | Dynamic Lifecycle Innovations, Inc. | Systems and methods for data sanitization of electronic storage media |
| US20220405405A1 (en)* | 2018-10-30 | 2022-12-22 | Jason Allen Rexilius | Systems and methods for secure peripherals |
| US20220231996A1 (en)* | 2018-12-04 | 2022-07-21 | Journey.ai | Sourcing information for a zero-knowledge data management network |
| US12341760B2 (en)* | 2018-12-04 | 2025-06-24 | Journey.ai | Sourcing information for a zero-knowledge data management network |
| US11888830B2 (en)* | 2018-12-04 | 2024-01-30 | Journey.ai | Sourcing information for a zero-knowledge data management network |
| US10831388B2 (en)* | 2019-02-15 | 2020-11-10 | International Business Machines Corporation | Selective data destruction via a sanitizing wipe command |
| US11388172B2 (en)* | 2019-08-07 | 2022-07-12 | Microsoft Technology Licensing, Llc | Cleared user facilitation and control system |
| US12294587B2 (en)* | 2023-04-18 | 2025-05-06 | Dell Products L.P. | System and method for enforcing a security framework for high-risk operations |
Also Published As
| Publication number | Publication date |
|---|---|
| CA2676289C (en) | 2018-01-02 |
| EP2570961A1 (en) | 2013-03-20 |
| US20120079603A1 (en) | 2012-03-29 |
| US9106670B2 (en) | 2015-08-11 |
| WO2008086611A1 (en) | 2008-07-24 |
| US20190392172A1 (en) | 2019-12-26 |
| US20130167247A1 (en) | 2013-06-27 |
| US20170206378A1 (en) | 2017-07-20 |
| EP2122531B1 (en) | 2014-10-01 |
| EP2570961B1 (en) | 2019-03-13 |
| US9652629B2 (en) | 2017-05-16 |
| US20190080114A1 (en) | 2019-03-14 |
| US10162983B2 (en) | 2018-12-25 |
| EP2122531A1 (en) | 2009-11-25 |
| US8056143B2 (en) | 2011-11-08 |
| CA2676289A1 (en) | 2008-07-24 |
| US20150339495A1 (en) | 2015-11-26 |
| US9100413B2 (en) | 2015-08-04 |
| US11030338B2 (en) | 2021-06-08 |
| US10540520B2 (en) | 2020-01-21 |
| EP2122531A4 (en) | 2010-04-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11030338B2 (en) | Selectively wiping a remote device | |
| US11568029B2 (en) | Method and system for remote data access | |
| AU2021347175B2 (en) | Encrypted file control | |
| HK1180789A (en) | Selectively wiping a remote device | |
| HK1180789B (en) | Selectively wiping a remote device | |
| TR2023006911T2 (en) | ENCRYPTED FILE CONTROL |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment | Owner name:RESEARCH IN MOTION LIMITED, CANADA Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BROWN, MICHAEL K.;BROWN, MICHAEL S.;LITTLE, HERBERT A.;AND OTHERS;REEL/FRAME:020744/0223;SIGNING DATES FROM 20080227 TO 20080305 Owner name:RESEARCH IN MOTION LIMITED, CANADA Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BROWN, MICHAEL K.;BROWN, MICHAEL S.;LITTLE, HERBERT A.;AND OTHERS;SIGNING DATES FROM 20080227 TO 20080305;REEL/FRAME:020744/0223 | |
| STCF | Information on status: patent grant | Free format text:PATENTED CASE | |
| CC | Certificate of correction | ||
| AS | Assignment | Owner name:BLACKBERRY LIMITED, ONTARIO Free format text:CHANGE OF NAME;ASSIGNOR:RESEARCH IN MOTION LIMITED;REEL/FRAME:032644/0712 Effective date:20130709 | |
| FPAY | Fee payment | Year of fee payment:4 | |
| MAFP | Maintenance fee payment | Free format text:PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment:8 | |
| MAFP | Maintenance fee payment | Free format text:PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment:12 |